
Pests of all kinds and how to fight them: Cybercrime investigation department again

21.05.2013, 15:45   #1
Motormouse

Cybercrime investigation department again

Hello everyone!
Well, it has got me too, for the second time. The first time I was able to remove the virus from a second PC with Kaspersky; this time that gets nowhere. Safe mode is locked, but I can access the drive without any trouble from my XP HD.
Another antivirus program did not help either, so I am now hoping for your help!

Here is the OTLpe file; no Extras.txt was generated.

OTL Logfile:
Code:
OTL logfile created on: 5/20/2013 10:42:10 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 46.66 Gb Free Space | 47.78% Space Free | Partition Type: NTFS
Drive D: | 195.32 Gb Total Space | 131.21 Gb Free Space | 67.18% Space Free | Partition Type: NTFS
Drive E: | 172.78 Gb Total Space | 37.90 Gb Free Space | 21.94% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/09/12 16:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 16:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/30 17:46:46 | 000,296,448 | ---- | M] () [Auto] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2012/11/16 08:08:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/11/09 06:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/24 13:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 08:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/23 15:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/05 19:47:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/17 06:24:10 | 000,055,296 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2011/05/24 05:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 08:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/08 12:15:26 | 000,068,136 | ---- | M] () [Auto] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/11/18 08:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/26 14:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/09/28 05:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/30 17:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/02 20:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/10/16 01:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2013/05/20 14:49:27 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\Windows\gdrv.sys -- (gdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\scb_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\scb_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\scb_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\scb_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 7D 45 50 F3 C3 CD 01  [binary data]
IE - HKU\scb_ON_C\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - Reg Error: Key error. File not found
IE - HKU\scb_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\scb_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 7D 45 50 F3 C3 CD 01  [binary data]
IE - HKU\UpdatusUser_ON_C\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - Reg Error: Key error. File not found
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/14 14:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/16 05:20:48 | 000,000,000 | ---D | M]
 
[2012/11/16 09:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 13:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 18:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/24 18:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 18:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/24 18:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/24 18:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/24 18:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\scb_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] E:\Documents\26044f61.exe ()
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\scb_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 1 Day ==========
 
 
========== Files - Modified Within 1 Day ==========
 
[2013/05/20 14:50:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/20 14:49:38 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 14:49:27 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/05/20 14:48:59 | 535,535,615 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/20 11:54:28 | 000,000,860 | ---- | M] () -- C:\Users\UpdatusUser\Desktop\RegCleaner.lnk
[2013/05/20 11:54:28 | 000,000,617 | ---- | M] () -- C:\Users\UpdatusUser\Desktop\XnView.lnk
[2013/05/20 11:54:28 | 000,000,600 | ---- | M] () -- C:\Users\UpdatusUser\Desktop\FSDyn!.lnk
[2013/05/20 11:54:28 | 000,000,555 | ---- | M] () -- C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2013/05/20 11:54:25 | 000,000,986 | ---- | M] () -- C:\Users\scb\Desktop\WS_FTP95.lnk
[2013/05/20 11:54:25 | 000,000,617 | ---- | M] () -- C:\Users\scb\Desktop\XnView.lnk
[2013/05/20 11:53:14 | 000,000,752 | ---- | M] () -- C:\Users\scb\Desktop\Stellar Phoenix Windows Data Recovery - Professional.lnk
[2013/05/20 11:53:11 | 000,001,230 | ---- | M] () -- C:\Users\scb\Desktop\MirIII_Airports.lnk
[2013/05/20 11:53:04 | 000,001,227 | ---- | M] () -- C:\Users\scb\Desktop\MIIIB_docFRA.lnk
[2013/05/20 11:53:04 | 000,001,227 | ---- | M] () -- C:\Users\scb\Desktop\MIIIB_docENG.lnk
[2013/05/20 11:53:03 | 000,000,823 | ---- | M] () -- C:\Users\scb\Desktop\Instant Scenery Readme.lnk
[2013/05/20 11:53:03 | 000,000,768 | ---- | M] () -- C:\Users\scb\Desktop\LibraryMaker.lnk
[2013/05/20 11:53:03 | 000,000,624 | ---- | M] () -- C:\Users\scb\Desktop\IrfanView.lnk
[2013/05/20 11:53:00 | 000,000,600 | ---- | M] () -- C:\Users\scb\Desktop\FSDyn!.lnk
[2013/05/20 11:52:58 | 000,001,810 | ---- | M] () -- C:\Users\scb\Desktop\Free Video to Flash Converter.lnk
[2013/05/20 11:52:58 | 000,001,069 | ---- | M] () -- C:\Users\scb\Desktop\FS Design Studio V2.lnk
[2013/05/20 11:52:58 | 000,000,639 | ---- | M] () -- C:\Users\scb\Desktop\DXTBmp.lnk
[2013/05/20 11:52:50 | 000,002,137 | ---- | M] () -- C:\Users\scb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/20 11:52:50 | 000,001,335 | ---- | M] () -- C:\Users\scb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/20 11:52:50 | 000,001,011 | ---- | M] () -- C:\Users\scb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/05/20 11:52:50 | 000,000,555 | ---- | M] () -- C:\Users\scb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2013/05/20 11:51:33 | 000,001,611 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/05/20 11:51:33 | 000,001,495 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2013/05/20 11:51:33 | 000,001,443 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2013/05/20 11:51:31 | 000,001,623 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2013/05/20 11:51:29 | 000,002,015 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/20 11:51:29 | 000,001,061 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/20 11:51:28 | 000,001,580 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/05/20 08:20:18 | 000,104,506 | ---- | M] () -- C:\Users\scb\AppData\Local\2433f433
[2013/05/20 08:20:18 | 000,104,452 | ---- | M] () -- C:\ProgramData\2433f433
[2013/05/20 08:20:16 | 000,034,304 | ---- | M] () -- E:\Documents\26044f61.exe
[2013/05/20 08:19:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/20 08:09:42 | 000,082,182 | ---- | M] () -- C:\Users\scb\Desktop\Valvo_VHF_VD1.jpg
[2013/05/20 07:53:56 | 000,002,540 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0473_mov.HDP
[2013/05/20 07:40:08 | 002,869,549 | ---- | M] () -- C:\Users\scb\Desktop\Versuch_1.wmv
[2013/05/20 06:53:22 | 042,582,746 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0478.MOV
[2013/05/20 06:52:42 | 037,842,707 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0477.MOV
[2013/05/20 06:52:18 | 018,553,411 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0476.MOV
[2013/05/20 06:31:14 | 053,684,982 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0473.MOV
[2013/05/20 05:04:10 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 05:04:10 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 05:01:14 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/20 05:01:14 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/20 05:01:14 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/20 05:01:14 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013/05/20 08:20:18 | 000,104,506 | ---- | C] () -- C:\Users\scb\AppData\Local\2433f433
[2013/05/20 08:20:18 | 000,104,452 | ---- | C] () -- C:\ProgramData\2433f433
[2013/05/20 08:20:16 | 000,034,304 | ---- | C] () -- E:\Documents\26044f61.exe
[2013/05/20 08:08:52 | 000,082,182 | ---- | C] () -- C:\Users\scb\Desktop\Valvo_VHF_VD1.jpg
[2013/05/20 07:53:56 | 000,002,540 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0473_mov.HDP
[2013/05/20 07:53:48 | 042,582,746 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0478.MOV
[2013/05/20 07:53:46 | 037,842,707 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0477.MOV
[2013/05/20 07:53:46 | 018,553,411 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0476.MOV
[2013/05/20 07:39:45 | 002,869,549 | ---- | C] () -- C:\Users\scb\Desktop\Versuch_1.wmv
[2013/05/20 07:33:04 | 053,684,982 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0473.MOV
[2013/05/01 05:10:42 | 000,000,004 | ---- | C] () -- C:\Users\scb\AppData\Roaming\skype.ini
[2013/03/15 15:54:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/03/15 15:26:54 | 000,000,052 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2013/03/15 15:18:12 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2013/03/15 15:12:30 | 000,001,208 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2013/03/13 12:46:40 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2013/02/27 13:05:30 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/15 11:06:22 | 000,000,039 | ---- | C] () -- C:\Windows\spwdrp.INI
[2012/11/20 11:17:08 | 000,000,040 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2012/11/16 11:16:40 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012/11/16 11:16:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012/11/16 11:16:39 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3070CW.INI
[2012/11/16 11:15:28 | 000,000,471 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/16 11:15:26 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/11/16 11:15:26 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/11/16 11:14:56 | 000,000,326 | ---- | C] () -- C:\Windows\Brownie.ini
[2012/11/16 11:05:41 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/11/16 08:04:51 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/11/16 08:04:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/01/17 06:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/13 01:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 00:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/21 02:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/06/07 00:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007/04/27 05:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2013/05/09 07:13:39 | 000,000,000 | ---D | M] -- C:\Users\scb\AppData\Roaming\CadSoft
[2013/03/13 12:58:11 | 000,000,000 | ---D | M] -- C:\Users\scb\AppData\Roaming\Canon
[2013/03/16 05:51:37 | 000,000,000 | ---D | M] -- C:\Users\scb\AppData\Roaming\DVDVideoSoft
[2013/01/06 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\scb\AppData\Roaming\Flight1
[2013/03/15 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\scb\AppData\Roaming\MAGIX
[2013/01/06 11:16:01 | 000,000,000 | ---D | M] -- C:\Users\scb\AppData\Roaming\SAMM2
[2013/02/12 13:33:51 | 000,000,000 | ---D | M] -- C:\Users\scb\AppData\Roaming\Systweak
[2013/03/22 05:54:46 | 000,000,000 | ---D | M] -- C:\Users\scb\AppData\Roaming\XnView
[2013/02/12 05:11:21 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/16 08:00:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/11/20 10:27:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Applications
[2013/03/13 13:01:07 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ
[2013/05/12 13:54:31 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2013/03/13 12:58:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2013/03/13 12:55:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenuEX
[2013/03/13 12:54:13 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/11/16 08:00:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/11/16 08:00:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/03/15 16:20:41 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2013/01/04 13:09:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Package Cache
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/11/16 08:00:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/12/31 09:56:03 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2012/12/31 09:51:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2013/01/06 08:21:03 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/11/16 08:00:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/04/22 09:02:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:D5FBE8F9
< End of report >
         
Many thanks for any input!
Frank
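As an added illustration (not part of the original post, and not code from the OTL tool or from Trojaner-Board), the following Python script parses OTL-style lines of the kinds that appear in the log above and flags the entries a helper looks at first: autorun values whose target lives outside Program Files / Windows, carries no company name and has a random-looking value name; a per-user Winlogon Shell that is not explorer.exe; recently created or modified executables with 8-hex-digit names and no company name; and alternate data streams. The regular expressions, thresholds and the `Finding` structure are this example's own assumptions, not OTL's; the sample lines are copied from the log above and treated as a constructed excerpt.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the OTL log above (a constructed excerpt, not a full log).
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\scb_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] E:\Documents\26044f61.exe ()
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\scb_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
[2013/05/20 08:20:18 | 000,104,452 | ---- | M] () -- C:\ProgramData\2433f433
[2013/05/20 08:20:16 | 000,034,304 | ---- | M] () -- E:\Documents\26044f61.exe
[2013/05/20 14:49:27 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:D5FBE8F9
"""

# Line shapes as OTL prints them; these patterns were written for this example.
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\]\s+"
                    r"(?P<path>.+?)\s+\((?P<vendor>[^)]*)\)\s*$")
SHELL_RE = re.compile(r"^O20(?::64bit:)? - (?P<hive>.+?) Winlogon: Shell - \((?P<value>[^)]*)\)")
FILE_RE = re.compile(r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
                     r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<vendor>.*?)\) -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumed heuristics: the thresholds below are this example's choices, not OTL's.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{16,}$")   # long lowercase alphanumeric value name
HEX8_RE = re.compile(r"^[0-9a-f]{8}$")             # 8-hex-digit file stem
EXEC_EXTS = {"", ".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd"}  # "" = no extension


@dataclass
class Finding:
    kind: str                 # "autorun", "winlogon_shell", "file" or "ads"
    subject: str              # path or registry hive the finding is about
    reasons: list = field(default_factory=list)


def outside_system_dirs(path: str) -> bool:
    """True when the path is not under Windows or either Program Files tree."""
    return not path.lower().startswith(SYSTEM_PREFIXES)


def looks_random(name: str) -> bool:
    """Long lowercase alphanumeric value name that mixes letters and digits."""
    return (bool(RANDOM_NAME_RE.match(name))
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def stem_and_ext(path: str):
    base = path.rsplit("\\", 1)[-1]
    dot = base.rfind(".")
    return (base, "") if dot < 0 else (base[:dot], base[dot:].lower())


def triage(log_text: str) -> list:
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = []
            if looks_random(m["name"]):
                reasons.append("random-looking value name")
            if outside_system_dirs(m["path"]):
                reasons.append("target outside Program Files / Windows")
            if not m["vendor"].strip():
                reasons.append("no company name in version info")
            if len(reasons) >= 2:          # one weak signal alone is not worth reporting
                findings.append(Finding("autorun", m["path"], reasons))
            continue
        m = SHELL_RE.match(line)
        if m:
            if m["value"].lower() != "explorer.exe":
                findings.append(Finding("winlogon_shell", m["hive"],
                                        [f"Shell is {m['value']} instead of explorer.exe"]))
            continue
        m = FILE_RE.match(line)
        if m:
            stem, ext = stem_and_ext(m["path"])
            is_dir = "D" in m["attr"]
            if (not is_dir and ext in EXEC_EXTS and outside_system_dirs(m["path"])
                    and m["vendor"].strip() in ("", "No name found") and HEX8_RE.match(stem.lower())):
                when = "modified" if m["kind"] == "M" else "created"
                findings.append(Finding("file", m["path"],
                                        ["no company name", "8-hex-digit file name",
                                         f"{when} {m['ts']} outside Program Files / Windows"]))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("ads", m["path"], [f"{m['size']}-byte alternate data stream"]))
    # Correlate: an autorun target that is also one of the flagged recent files.
    flagged_files = {f.subject.lower() for f in findings if f.kind == "file"}
    for f in findings:
        if f.kind == "autorun" and f.subject.lower() in flagged_files:
            f.reasons.append("same file appears among recently modified files")
    return findings


def format_report(findings: list) -> str:
    return "\n".join(f"[{f.kind}] {f.subject}: " + "; ".join(f.reasons) for f in findings)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run against the excerpt, the script reports only the `scb` Run value and its target, the per-user Shell override, the two 8-hex-digit files and the data stream; the Microsoft Security Client, Sidebar, explorer.exe and gdrv.sys lines pass without comment. The heuristics are deliberately conservative (two signals for an autorun entry, four for a file) so that ordinary third-party software does not drown the report.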

21.05.2013, 15:59   #2
t'john
/// Helper Team

Cybercrime investigation department again


The clean-up consists of several steps that have to be carried out.
Work through them one after another and paste the 3 logs that are created along the way into your next reply.

Should the OTL fix not have run through properly, do not continue; report this instead, please.

1. Schritt

Fixen mit OTLpe

  • Starte den infizierten Rechner mit der OTLpe-CD und öffne OTLpe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:
ATTFilter
:OTL

O4 - HKU\scb_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] E:\Documents\26044f61.exe () 
[2013/05/20 08:20:18 | 000,104,452 | ---- | M] () -- C:\ProgramData\2433f433 
[2013/05/20 08:20:16 | 000,034,304 | ---- | M] () -- E:\Documents\26044f61.exe 
[2013/05/01 05:10:42 | 000,000,004 | ---- | C] () -- C:\Users\scb\AppData\Roaming\skype.ini 
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:D5FBE8F9 

:Files 

ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Now click the Fix button.
  • Afterwards reboot and try to boot into normal Windows mode again.
  • After the reboot you will find a text document on your desktop.
    (Also found under C:\OTL\MovedFiles\<time_date.log>)
  • Now copy its contents here into your thread.



In normal mode:

Step 2
Please download Malwarebytes Anti-Malware
  • Install the program into the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the clean-up.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM logfile here.
  • Add the contents of mbam.txt to your next reply.



after that:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the reboot a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________

__________________
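The OTLpe fix script above is built from lines in OTL's own log format (services, O4 Run entries, bracketed file entries, Alternate Data Stream entries). As an added example, not code from the thread, from OTL or from Trojaner-Board, the following Python script parses those line formats and applies simple defender heuristics (services with no company name, random-looking names, autoruns from user-writable locations, non-standard ADS) so that a log reviewer can see why those particular entries stand out; the heuristics, thresholds and the `Finding` type are this example's own assumptions, and the sample lines are copied from the logs in this thread.

```python
"""Triage helper for OTL/OTLpe log lines.

Added example: not code from the thread, from OTL or from Trojaner-Board.
Heuristics and thresholds are assumptions made for this example."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the logs and the
# OTLpe fix script in this thread.
SAMPLE_LOG = r"""
SRV - [2013.04.30 23:46:46 | 000,296,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKU\scb_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] E:\Documents\26044f61.exe ()
[2013/05/20 08:20:18 | 000,104,452 | ---- | M] () -- C:\ProgramData\2433f433
[2013/05/20 08:20:16 | 000,034,304 | ---- | M] () -- E:\Documents\26044f61.exe
[2013/05/01 05:10:42 | 000,000,004 | ---- | C] () -- C:\Users\scb\AppData\Roaming\skype.ini
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:D5FBE8F9
"""

# Line formats as OTL prints them (":64bit:" marks entries from the 64-bit view).
SRV_RE = re.compile(
    r"^SRV(?::64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\) \[[^\]]*\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)$")
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<value>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\)| File not found)?$")
FILE_RE = re.compile(r"^\[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumed heuristics (the thresholds are this example's own choices).
VOWELS = set("aeiou")
USER_WRITABLE = ("\\documents\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\")


@dataclass
class Finding:
    kind: str    # service / autorun / file / ads
    path: str
    reason: str


def looks_random(name: str) -> bool:
    """Mixed letters and digits with few vowels, like the autorun value
    'qcgce2mrvjq91kk1e7pnbb19m52fx' or the file stem '26044f61'."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(name) < 8 or not letters or not any(c.isdigit() for c in name):
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.25


def in_user_writable(path: str) -> bool:
    """True when the path sits in a location a normal user can write to."""
    return any(seg in path.lower() for seg in USER_WRITABLE)


def split_name(path: str):
    # Return (stem, extension) of the last path component.
    filename = path.rsplit("\\", 1)[-1]
    if "." in filename:
        stem, ext = filename.rsplit(".", 1)
        return stem, ext
    return filename, ""


def triage_otl(log_text: str) -> List[Finding]:
    """Parse OTL log lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SRV_RE.match(line):
            # OTL prints "()" when the binary carries no company name.
            if not m["company"].strip():
                findings.append(Finding("service", m["path"],
                                        f"service '{m['name']}' has no company name"))
        elif m := RUN_RE.match(line):
            stem, _ = split_name(m["path"])
            reasons = []
            if looks_random(m["value"]) or looks_random(stem):
                reasons.append("random-looking name")
            if in_user_writable(m["path"]):
                reasons.append("runs from a user-writable location")
            if line.endswith("File not found"):
                reasons.append("target missing (orphaned autorun)")
            if reasons:
                findings.append(Finding("autorun", m["path"], "; ".join(reasons)))
        elif m := FILE_RE.match(line):
            stem, ext = split_name(m["path"])
            if in_user_writable(m["path"]) and (not ext or looks_random(stem)):
                why = "no extension" if not ext else "random-looking name"
                findings.append(Finding("file", m["path"],
                                        f"recent file in user-writable location, {why}"))
        elif m := ADS_RE.match(line):
            # Zone.Identifier is the normal download marker; anything else is unusual.
            stream = m["path"].rsplit(":", 1)[-1]
            if stream.lower() != "zone.identifier":
                findings.append(Finding("ads", m["path"],
                                        f"{m['size']}-byte alternate data stream '{stream}'"))
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}: {f.reason}")
```

Run against a full OTL.txt the script lists the same five entries the helper put into the fix script while leaving the Canon autorun, the Adobe service and skype.ini alone; the ADS and the service with no company name are the items that the heuristics alone cannot judge, so they still need a human decision.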

Alt 21.05.2013, 16:51   #3
Motormouse
 
Hello t'john

Unfortunately it did not work after the reboot!
On startup the following cmd.exe window appears, which says:

Code:
ATTFilter
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.
Der Befehl ""E:\Documents\26044f61.exe"" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.

C:\Windows\system32>
         
Nevertheless I did get a logfile:

Code:
ATTFilter
========== OTL ==========
Registry key HKEY_USERS\scb_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File E:\Documents\26044f61.exe not found.
File C:\ProgramData\2433f433 not found.
File E:\Documents\26044f61.exe not found.
File C:\Users\scb\AppData\Roaming\skype.ini not found.
Unable to delete ADS C:\ProgramData\Temp:D5FBE8F9 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
User: scb
-> No Temporary Internet Files cache folder defined!
 
User: UpdatusUser
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1642 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 05212013_193653
         
Regards
Frank
__________________

Alt 21.05.2013, 16:56   #4
t'john
/// Helper Team
 
The drive letters have changed.


On a second computer, please download OTL (by OldTimer) and save it to a USB stick (not in a subfolder!).
  • Now connect this USB stick to the infected computer.
  • Boot the infected computer into Safe Mode with Command Prompt. (Guide)
  • At the command prompt, type notepad and press Enter.
    • A text document opens. Click File -> Save As and select Computer.
    • Read off the drive letter of your USB stick there (e.g. e:\).
    • Close Notepad again.

  • Now enter the following command at the command prompt and press Enter:
    e:\OTL.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your system, adjust the command accordingly.
    The OTL window should now open.
  • Under Extra Registry, please select Use SafeList.
  • Tick Scan all Users.
  • Now click Run Scan.
  • When the scan has finished, 2 logfiles (OTL.txt and Extras.txt) are displayed and saved to the USB stick.
  • Please post the contents of these logfiles here in the thread from the second computer.
__________________
Regards, t'john
Support the TB

Alt 21.05.2013, 17:33   #5
Motormouse
 
Voilà

Code:
ATTFilter
OTL logfile created on: 21.05.2013 20:19:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 5.41 Gb Available Physical Memory | 90.21% Memory free
11.99 Gb Paging File | 11.41 Gb Available in Paging File | 95.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 46.69 Gb Free Space | 47.81% Space Free | Partition Type: NTFS
Drive D: | 195.32 Gb Total Space | 131.18 Gb Free Space | 67.16% Space Free | Partition Type: NTFS
Drive E: | 172.78 Gb Total Space | 34.87 Gb Free Space | 20.18% Space Free | Partition Type: NTFS
Drive H: | 3.75 Gb Total Space | 3.28 Gb Free Space | 87.45% Space Free | Partition Type: FAT32
 
Computer Name: ISRA | User Name: scb | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.21 20:02:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.30 23:46:46 | 000,296,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2012.11.16 14:08:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.24 19:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.12 22:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 22:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.06 01:47:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.11.21 05:24:09 | 000,254,464 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.21 05:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.08 18:15:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008.11.18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.26 20:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.03 02:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.10.16 07:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.04 04:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2013.05.21 19:39:37 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
 
 
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 7D 45 50 F3 C3 CD 01  [binary data]
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10025&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.14 20:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.16 11:20:48 | 000,000,000 | ---D | M]
 
[2012.11.16 15:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\scb\AppData\Roaming\mozilla\Extensions
[2013.02.05 19:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\scb\AppData\Roaming\mozilla\Firefox\Profiles\rs93dmg2.default\extensions
[2013.02.05 19:38:29 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\scb\AppData\Roaming\mozilla\firefox\profiles\rs93dmg2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.12.31 15:46:20 | 000,003,915 | ---- | M] () -- C:\Users\scb\AppData\Roaming\mozilla\firefox\profiles\rs93dmg2.default\searchplugins\sweetim.xml
[2012.11.16 15:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.24 19:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.25 00:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.25 00:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.25 00:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.25 00:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.25 00:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.25 00:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Drive = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Google Mail = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Google Mail = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] E:\Documents\26044f61.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39386E82-0D7E-4B52-B592-B10E3AB0DB05}: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2CABF98-E92F-44D3-B15E-A353D0F66773}: NameServer = 62.112.150.2 62.112.129.138
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001 Winlogon: Shell - (cmd.exe) - cmd.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6422d048-2fd3-11e2-988b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6422d048-2fd3-11e2-988b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\start.exe /checksection
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 00:16:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.16 10:11:32 | 000,000,000 | ---D | C] -- C:\Users\scb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MirageIIIB
[2013.05.12 19:09:53 | 000,000,000 | ---D | C] -- C:\Users\scb\Desktop\Ferien
[2013.05.09 13:13:39 | 000,000,000 | ---D | C] -- C:\Users\scb\AppData\Roaming\CadSoft
[2013.05.01 23:47:43 | 000,000,000 | ---D | C] -- C:\Users\scb\Desktop\Philips Page
[2013.05.01 12:32:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.21 20:19:12 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.21 20:19:12 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.21 20:19:12 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.21 20:19:12 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.21 20:19:12 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.21 20:14:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.21 20:14:50 | 535,535,615 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.21 19:39:47 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.21 19:39:37 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.21 17:02:57 | 000,003,368 | ---- | M] () -- C:\bootsqm.dat
[2013.05.20 20:50:28 | 000,262,144 | ---- | M] () -- C:\Windows\DEFAULT
[2013.05.20 17:54:25 | 000,000,986 | ---- | M] () -- C:\Users\scb\Desktop\WS_FTP95.lnk
[2013.05.20 17:54:25 | 000,000,617 | ---- | M] () -- C:\Users\scb\Desktop\XnView.lnk
[2013.05.20 17:53:14 | 000,000,752 | ---- | M] () -- C:\Users\scb\Desktop\Stellar Phoenix Windows Data Recovery - Professional.lnk
[2013.05.20 17:53:11 | 000,001,230 | ---- | M] () -- C:\Users\scb\Desktop\MirIII_Airports.lnk
[2013.05.20 17:53:04 | 000,001,227 | ---- | M] () -- C:\Users\scb\Desktop\MIIIB_docFRA.lnk
[2013.05.20 17:53:04 | 000,001,227 | ---- | M] () -- C:\Users\scb\Desktop\MIIIB_docENG.lnk
[2013.05.20 17:53:03 | 000,000,823 | ---- | M] () -- C:\Users\scb\Desktop\Instant Scenery Readme.lnk
[2013.05.20 17:53:03 | 000,000,768 | ---- | M] () -- C:\Users\scb\Desktop\LibraryMaker.lnk
[2013.05.20 17:53:03 | 000,000,624 | ---- | M] () -- C:\Users\scb\Desktop\IrfanView.lnk
[2013.05.20 17:53:00 | 000,000,600 | ---- | M] () -- C:\Users\scb\Desktop\FSDyn!.lnk
[2013.05.20 17:52:58 | 000,001,810 | ---- | M] () -- C:\Users\scb\Desktop\Free Video to Flash Converter.lnk
[2013.05.20 17:52:58 | 000,001,069 | ---- | M] () -- C:\Users\scb\Desktop\FS Design Studio V2.lnk
[2013.05.20 17:52:58 | 000,000,639 | ---- | M] () -- C:\Users\scb\Desktop\DXTBmp.lnk
[2013.05.20 17:51:43 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.05.20 17:51:43 | 000,001,681 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.20 17:51:43 | 000,001,678 | ---- | M] () -- C:\Users\Public\Desktop\REX Essential Plus Overdrive.lnk
[2013.05.20 17:51:43 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013.lnk
[2013.05.20 14:20:18 | 000,104,506 | ---- | M] () -- C:\Users\scb\AppData\Local\2433f433
[2013.05.20 14:19:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.20 14:09:42 | 000,082,182 | ---- | M] () -- C:\Users\scb\Desktop\Valvo_VHF_VD1.jpg
[2013.05.20 13:53:56 | 000,002,540 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0473_mov.HDP
[2013.05.20 13:40:08 | 002,869,549 | ---- | M] () -- C:\Users\scb\Desktop\Versuch_1.wmv
[2013.05.20 12:53:22 | 042,582,746 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0478.MOV
[2013.05.20 12:52:42 | 037,842,707 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0477.MOV
[2013.05.20 12:52:18 | 018,553,411 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0476.MOV
[2013.05.20 12:31:14 | 053,684,982 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0473.MOV
[2013.05.20 11:04:10 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.20 11:04:10 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.19 18:39:49 | 179,042,856 | ---- | M] () -- C:\Users\scb\Desktop\fs9 2013-05-19 17-58-44-84.avi
[2013.05.19 18:38:42 | 167,944,013 | ---- | M] () -- C:\Users\scb\Desktop\fs9 2013-05-19 17-58-44-84.zip
[2013.05.19 15:29:09 | 000,093,498 | ---- | M] () -- C:\Users\scb\Desktop\Onken_Grundplatte.jpg
[2013.05.19 15:28:18 | 000,121,106 | ---- | M] () -- C:\Users\scb\Desktop\Onken_Grundplatte_2.jpg
[2013.05.18 02:24:57 | 002,049,724 | ---- | M] () -- C:\Users\scb\Desktop\Unbenannt.png
[2013.05.16 14:23:07 | 000,080,632 | ---- | M] () -- C:\Users\scb\Desktop\BC238.jpg
[2013.05.16 14:20:45 | 000,877,082 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0449.jpg
[2013.05.16 14:20:09 | 000,267,756 | ---- | M] () -- C:\Users\scb\Desktop\P1010024.jpg
[2013.05.16 10:09:30 | 104,118,337 | ---- | M] () -- C:\Users\scb\Desktop\restauravia_M3B_v1.zip
[2013.05.16 10:00:33 | 000,033,059 | ---- | M] () -- C:\Users\scb\Desktop\Pikettdienst_Arbeitsgesetz.pdf
[2013.05.16 09:54:17 | 000,028,794 | ---- | M] () -- C:\Users\scb\Desktop\ArGV1_art14_april2010_de.pdf
[2013.05.15 17:58:39 | 000,183,931 | ---- | M] () -- C:\Users\scb\Desktop\BRE_New.jpg
[2013.05.14 23:52:18 | 002,708,992 | ---- | M] () -- C:\Users\scb\Desktop\Background_3.mix
[2013.05.14 23:45:43 | 000,627,489 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0434.jpg
[2013.05.14 00:51:40 | 001,817,600 | ---- | M] () -- C:\Users\scb\Desktop\Background_2.mix
[2013.05.13 21:44:48 | 000,787,725 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0430.jpg
[2013.05.13 12:00:26 | 002,018,198 | ---- | M] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2).pdf
[2013.05.13 12:00:26 | 002,018,198 | ---- | M] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2) - Kopie.pdf
[2013.05.13 12:00:26 | 002,018,198 | ---- | M] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2) - Kopie - Kopie.pdf
[2013.05.12 19:43:44 | 000,000,471 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.05.10 12:59:04 | 000,078,988 | ---- | M] () -- C:\Users\scb\Desktop\d7-16gj.pdf
[2013.05.09 16:16:56 | 000,000,539 | ---- | M] () -- C:\Users\scb\Desktop\basket.xml
[2013.05.07 16:47:52 | 000,090,338 | ---- | M] () -- C:\Users\scb\Desktop\Schema1007_new.jpg
[2013.05.06 19:41:48 | 000,097,783 | ---- | M] () -- C:\Users\scb\Desktop\Onken.jpg
[2013.05.05 18:47:22 | 000,030,965 | ---- | M] () -- C:\Users\scb\Desktop\IMG_0719.jpg
[2013.05.05 14:48:27 | 000,143,872 | ---- | M] () -- C:\Users\scb\Desktop\BRE.mix
[2013.05.05 14:22:50 | 000,776,192 | ---- | M] () -- C:\Users\scb\Desktop\Schema1007_2.mix
[2013.05.05 12:55:47 | 000,072,651 | ---- | M] () -- C:\Users\scb\Desktop\Schema1007.jpg
[2013.05.02 01:59:29 | 001,254,912 | ---- | M] () -- C:\Users\scb\Desktop\logo.mix
[2013.05.02 01:30:00 | 000,047,675 | ---- | M] () -- C:\Users\scb\Desktop\Philips-logo.png
[2013.05.01 23:47:28 | 000,345,600 | ---- | M] () -- C:\Users\scb\Desktop\Background.mix
[2013.04.30 11:40:52 | 000,000,687 | ---- | M] () -- C:\Users\scb\Desktop\Homepages.lnk
[2013.04.27 10:55:08 | 000,140,602 | ---- | M] () -- E:\Documents\BC 326.jpg
 
========== Files Created - No Company Name ==========
 
[2013.05.22 01:34:07 | 000,262,144 | ---- | C] () -- C:\Windows\DEFAULT
[2013.05.21 17:02:57 | 000,003,368 | ---- | C] () -- C:\bootsqm.dat
[2013.05.20 14:20:18 | 000,104,506 | ---- | C] () -- C:\Users\scb\AppData\Local\2433f433
[2013.05.20 14:08:52 | 000,082,182 | ---- | C] () -- C:\Users\scb\Desktop\Valvo_VHF_VD1.jpg
[2013.05.20 13:53:56 | 000,002,540 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0473_mov.HDP
[2013.05.20 13:53:48 | 042,582,746 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0478.MOV
[2013.05.20 13:53:46 | 037,842,707 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0477.MOV
[2013.05.20 13:53:46 | 018,553,411 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0476.MOV
[2013.05.20 13:39:45 | 002,869,549 | ---- | C] () -- C:\Users\scb\Desktop\Versuch_1.wmv
[2013.05.20 13:33:04 | 053,684,982 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0473.MOV
[2013.05.19 18:36:55 | 167,944,013 | ---- | C] () -- C:\Users\scb\Desktop\fs9 2013-05-19 17-58-44-84.zip
[2013.05.19 17:59:14 | 179,042,856 | ---- | C] () -- C:\Users\scb\Desktop\fs9 2013-05-19 17-58-44-84.avi
[2013.05.19 15:29:09 | 000,093,498 | ---- | C] () -- C:\Users\scb\Desktop\Onken_Grundplatte.jpg
[2013.05.19 15:28:18 | 000,121,106 | ---- | C] () -- C:\Users\scb\Desktop\Onken_Grundplatte_2.jpg
[2013.05.18 02:24:15 | 002,049,724 | ---- | C] () -- C:\Users\scb\Desktop\Unbenannt.png
[2013.05.16 14:22:11 | 000,080,632 | ---- | C] () -- C:\Users\scb\Desktop\BC238.jpg
[2013.05.16 14:20:09 | 000,267,756 | ---- | C] () -- C:\Users\scb\Desktop\P1010024.jpg
[2013.05.16 14:12:51 | 000,877,082 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0449.jpg
[2013.05.16 10:11:32 | 000,001,230 | ---- | C] () -- C:\Users\scb\Desktop\MirIII_Airports.lnk
[2013.05.16 10:11:32 | 000,001,227 | ---- | C] () -- C:\Users\scb\Desktop\MIIIB_docFRA.lnk
[2013.05.16 10:11:32 | 000,001,227 | ---- | C] () -- C:\Users\scb\Desktop\MIIIB_docENG.lnk
[2013.05.16 10:08:09 | 104,118,337 | ---- | C] () -- C:\Users\scb\Desktop\restauravia_M3B_v1.zip
[2013.05.16 10:00:33 | 000,033,059 | ---- | C] () -- C:\Users\scb\Desktop\Pikettdienst_Arbeitsgesetz.pdf
[2013.05.16 09:54:17 | 000,028,794 | ---- | C] () -- C:\Users\scb\Desktop\ArGV1_art14_april2010_de.pdf
[2013.05.15 17:58:39 | 000,183,931 | ---- | C] () -- C:\Users\scb\Desktop\BRE_New.jpg
[2013.05.14 23:52:17 | 002,708,992 | ---- | C] () -- C:\Users\scb\Desktop\Background_3.mix
[2013.05.14 23:45:43 | 000,627,489 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0434.jpg
[2013.05.14 10:32:46 | 002,018,198 | ---- | C] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2) - Kopie - Kopie.pdf
[2013.05.14 10:26:57 | 002,018,198 | ---- | C] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2) - Kopie.pdf
[2013.05.13 22:04:40 | 001,817,600 | ---- | C] () -- C:\Users\scb\Desktop\Background_2.mix
[2013.05.13 21:44:15 | 000,787,725 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0430.jpg
[2013.05.13 12:00:26 | 002,018,198 | ---- | C] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2).pdf
[2013.05.10 12:59:04 | 000,078,988 | ---- | C] () -- C:\Users\scb\Desktop\d7-16gj.pdf
[2013.05.09 16:16:56 | 000,000,539 | ---- | C] () -- C:\Users\scb\Desktop\basket.xml
[2013.05.07 15:09:50 | 000,090,338 | ---- | C] () -- C:\Users\scb\Desktop\Schema1007_new.jpg
[2013.05.06 19:41:48 | 000,097,783 | ---- | C] () -- C:\Users\scb\Desktop\Onken.jpg
[2013.05.05 18:47:22 | 000,030,965 | ---- | C] () -- C:\Users\scb\Desktop\IMG_0719.jpg
[2013.05.05 14:48:27 | 000,143,872 | ---- | C] () -- C:\Users\scb\Desktop\BRE.mix
[2013.05.05 14:22:50 | 000,776,192 | ---- | C] () -- C:\Users\scb\Desktop\Schema1007_2.mix
[2013.05.05 12:47:49 | 000,072,651 | ---- | C] () -- C:\Users\scb\Desktop\Schema1007.jpg
[2013.05.02 01:59:29 | 001,254,912 | ---- | C] () -- C:\Users\scb\Desktop\logo.mix
[2013.05.02 01:30:09 | 000,047,675 | ---- | C] () -- C:\Users\scb\Desktop\Philips-logo.png
[2013.05.01 23:47:27 | 000,345,600 | ---- | C] () -- C:\Users\scb\Desktop\Background.mix
[2013.04.30 11:40:55 | 000,000,687 | ---- | C] () -- C:\Users\scb\Desktop\Homepages.lnk
[2013.04.27 19:25:46 | 000,092,214 | ---- | C] () -- C:\Windows\SysNative\matrix.scr
[2013.04.27 10:55:08 | 000,140,602 | ---- | C] () -- E:\Documents\BC 326.jpg
[2013.03.15 21:54:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013.03.15 21:26:54 | 000,000,052 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2013.03.15 21:18:12 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2013.03.15 21:12:30 | 000,001,208 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2013.03.13 18:46:40 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2013.02.27 19:05:30 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.15 17:06:22 | 000,000,039 | ---- | C] () -- C:\Windows\spwdrp.INI
[2012.11.20 17:17:08 | 000,000,040 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2012.11.16 17:16:40 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.11.16 17:16:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.11.16 17:16:39 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3070CW.INI
[2012.11.16 17:15:28 | 000,000,471 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.11.16 17:15:26 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.11.16 17:15:26 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.11.16 17:14:56 | 000,000,326 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.11.16 17:05:41 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.11.16 14:04:51 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.11.16 14:04:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.01.17 12:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Code:
OTL Extras logfile created on: 21.05.2013 20:19:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 5.41 Gb Available Physical Memory | 90.21% Memory free
11.99 Gb Paging File | 11.41 Gb Available in Paging File | 95.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 46.69 Gb Free Space | 47.81% Space Free | Partition Type: NTFS
Drive D: | 195.32 Gb Total Space | 131.18 Gb Free Space | 67.16% Space Free | Partition Type: NTFS
Drive E: | 172.78 Gb Total Space | 34.87 Gb Free Space | 20.18% Space Free | Partition Type: NTFS
Drive H: | 3.75 Gb Total Space | 3.28 Gb Free Space | 87.45% Space Free | Partition Type: FAT32
 
Computer Name: ISRA | User Name: scb | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BD592C-A722-40EC-AE8F-7741D27AB2DE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0C7DC496-199A-4C6A-BC09-0F8245F44EE9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{120E1AEB-9219-4AC7-AD4B-C266CD86A9EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{191E054B-CB99-474E-9024-9365D369A02A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{248887C0-73C4-4EAB-BCF7-942A497DB44C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{26514C49-4F06-4968-B7B9-59BAF2817B9A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C0FD673-EE09-4EE4-8599-C870B7257CF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5E53D79A-8762-4D08-9B3F-B02DA7F0C8E9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5EFCB6E8-237E-4329-BAB0-2FD6CDFB5106}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{67020595-961F-4F19-987D-8BBE2A12156C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{67BC5FCB-7F89-4BC3-AD85-DECAD42BD593}" = lport=139 | protocol=6 | dir=in | app=system | 
"{67C28E0D-41CE-4020-8C65-279696443B5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6945DED7-3AD0-4B92-AED7-D389C28532FA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{734CFF57-15E2-4C0B-BDF5-7B0219232B6B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{78F08526-D94F-4A24-9CC8-C5D222C2A9D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85709124-3E8B-4C80-B961-5C899C1642F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{984186F5-30E5-45B4-A60D-274286988025}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ABC709F6-ACA6-4F45-83C4-D8DE85143144}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AD583A50-4CF6-49D6-9BF9-0F35863F6AAD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B594AE00-99D9-4638-8C9C-1DD4B3779AA5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BEB29DE1-2E7F-4DD4-991F-50C2C68FFC58}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0113DA8-B8F2-4D99-BD30-D5924303F93B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C498E6CD-8EAA-491F-87F4-52CC27CB51C3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CF284082-FFD6-46B5-8821-975150E4C193}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F89420AC-5974-4969-86D8-053F0F5AEE09}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EB5B3E-92D8-4674-829B-66B33B0D8F12}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{08A40B8D-0992-4B55-8C76-B70F0667D8C4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1486FDAC-D4AF-4FD0-87A7-D6FCCBEC1A26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1FEE23B9-C721-4ACA-A34F-DEF1390D0E3C}" = protocol=6 | dir=out | app=system | 
"{21D01621-AC99-4F85-9ECB-4E753DF2BD80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2721C036-8C57-4291-9A96-9DC2FC3908CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{392BF767-FEC6-4987-9751-982185A71510}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{399352B3-FF5C-401C-980C-D6C6384186DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{449660F7-CE76-4711-BAFD-47C94A539BD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C1A66AA-5C93-447A-AC58-DA014279E7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{519ABD4F-340D-462C-9548-CFAEE3E57EF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6138CBBB-B354-46BF-8E5D-8D42BA85BD51}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{61C9EBA5-A83F-4455-9BA0-E56063349754}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{678616BC-B0E8-4B1E-9EF6-4A3367392BBB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6873DEB3-B527-401D-8AE6-B85D79ABD855}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{6B627AAF-F275-4E79-93B8-147FE8D08E00}" = protocol=17 | dir=in | app=d:\programme\microsoft games\flight simulator 9\fs9.exe | 
"{73682283-B557-4F3C-A4C1-B3D6D22C25E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{75EADD8D-3921-4FC3-A894-422F45E4FB11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{796A4E36-DDDC-4861-92F8-C0301100416E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7A80B152-F85F-455A-ACC7-D5DD243E4538}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{816807C1-F22D-4E13-B594-37674A50F078}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8670901B-EB5C-4DD2-9315-1C697C019B05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FFDC46B-1F3E-472B-883E-F479D8B7188D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9083DC63-459F-44D6-8F89-66FB2E957A8C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{97E69320-849E-4BCB-B132-C247AB2A1078}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ABB6B26B-4587-4C16-8A10-86AFEBE8E53B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B1D40D05-B6DF-44F4-B42C-711386B0EB75}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B7766375-48BB-49D0-AD4C-0AAB3141491D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{BCC7600D-BB0F-4E6D-8664-9080CA82D4BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BEB7E314-3C10-4AB5-B8DA-721C79564E7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEF73FC1-E40C-4B87-9C42-03AB8FBDA3C3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C81077D2-5861-417B-806F-352D4C57AD27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDE839FC-FFCD-4EBE-B1DF-5054E82D25FF}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{CE8FF971-03F9-4F5E-A141-2566AC7A36B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D02FC892-676C-4E41-889F-3CBE11CDDE29}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E4BEDD6C-DF3F-4385-8CE2-1A8244C338C9}" = protocol=6 | dir=in | app=d:\programme\microsoft games\flight simulator 9\fs9.exe | 
"TCP Query User{23FB9252-517D-4F45-97B2-E78495694D60}D:\programme\microsoft games\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=d:\programme\microsoft games\flight simulator 9\fs9.exe | 
"TCP Query User{2A78273D-AAA9-4E8D-AF74-873617E6D9DC}D:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=d:\program files\ws_ftp\ws_ftp95.exe | 
"UDP Query User{1039C6B5-9396-4FC9-B477-B8078E3F840E}D:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=d:\program files\ws_ftp\ws_ftp95.exe | 
"UDP Query User{D142E5CF-6801-4D60-A35D-F6CCBEC9DBA8}D:\programme\microsoft games\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=d:\programme\microsoft games\flight simulator 9\fs9.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 304.87
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055983A1-A1BD-46B1-9C5D-BDB624A54E06}" = Mailsoft's - Fly the Tiger
"{08260043-A46C-407D-BADD-610ED5E05661}" = FS Design Studio V3.5.1 
"{12BE408B-65A7-4A5E-90BC-28965F7F08C9}" = Flight Simulator 2004 BGLComp SDK
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"{538E95B8-3808-4BCF-86E2-44D06E099834}" = FS Design Studio V2
"{5F9EEE99-15FE-4AC4-B400-6C6568E87557}" = FS Design Studio V3 
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1
"{8F1F0AEC-8646-4F62-9386-83705EECDC03}" = ALS-SIM Mirage for FSX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91309FCB-3520-4579-9BD8-6B8BF39C773A}_is1" = VRS F/A-18E Superbug
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F30A684-44DC-4BDF-89ED-70F9021B851F}" = REX Essential Plus Overdrive
"{9FCDA3BF-A003-41E0-A75A-8C5590829A55}" = Brother HL-3070CW
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{BD5AA756-2E57-4AE2-BAB2-3A54DA1C50F4}" = TubeBox
"{bfc92a01-1ae1-4375-befa-7e090bff5f6a}" = TubeBox
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EFFCACBE-98CF-4AAC-8CC9-85EA6D7BF78C}" = Mailsoft's - Fly the Tiger X
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Active Camera 2004 patch for FS 9.1" = Active Camera 2004 patch for FS 9.1
"Active Camera 2004 version 2.0" = Active Camera 2004 version 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ATC Radar" = ATC Radar
"AudioCS" = Creative Audio Control Panel
"BG9_is1" = Ben Gurion Airport for FS2004
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"Free Studio_is1" = Free Studio version 2013
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 5.0.22.128
"FSDyn!" = FSDyn!
"Google Chrome" = Google Chrome
"IBNetPlayer" = IBNetPlayer
"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"instant scenery2" = Instant Scenery
"IrfanView" = IrfanView (remove only)
"MAGIX_{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"MAGIX_{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Radar v2.0 for FS2004" = Radar v2.0 for FS2004
"Radar v2.0 for FSX" = Radar v2.0 for FSX
"RAZBAM - SkyHawk's FS2004 Vol4" = RAZBAM - SkyHawk's FS2004 Vol4
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"Stellar Phoenix Windows Data Recovery - Professional_is1" = Stellar Phoenix Windows Data Recovery - Professional
"Web_4.0.1460.0" = Microsoft Expression Web 4
"XnView_is1" = XnView 1.91.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FSDSxTweak suite v2.6" = FSDSxTweak suite v2.6
"Israeli Landclass X v1.06" = Israeli Landclass X v1.06
"Mirage IIIB" = Mirage IIIB
"Mirage IIIRS" = Mirage IIIRS
"Mirage IIIS" = Mirage IIIS
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2013 14:08:38 | Computer Name = Isra | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 02.04.2013 14:08:38 | Computer Name = Isra | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 02.04.2013 14:08:38 | Computer Name = Isra | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 02.04.2013 14:08:38 | Computer Name = Isra | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 02.04.2013 14:08:41 | Computer Name = Isra | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 02.04.2013 14:08:41 | Computer Name = Isra | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 02.04.2013 14:08:41 | Computer Name = Isra | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 02.04.2013 14:08:41 | Computer Name = Isra | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 02.04.2013 14:10:04 | Computer Name = Isra | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.04.2013 02:55:59 | Computer Name = Isra | Source = WinMgmt | ID = 10
Description = 
 
 
Error encountered while reading event logs.
 
< End of report >
         


Old 21.05.2013, 17:42   #6
t'john
/// Helper Team
 
First, create the fix script on a second computer:
  • Press the Windows key + R, type "notepad" into the Run window and press OK.
  • Now copy the following text from the code box into the empty text document:
    (Important: if you obscured your user name in the log (e.g. with ***), undo that here.)
    Code:
    :OTL
    
    O4 - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] E:\Documents\26044f61.exe File not found 
    O31 - SafeBoot: UseAlternatShell - 1 
    [2013.05.20 14:20:18 | 000,104,506 | ---- | M] () -- C:\Users\scb\AppData\Local\2433f433 
    
    :Files 
    
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
             
  • Then save the file as fix.txt on the USB stick where OTL.exe is located.

Then run the fix as follows:
  • Plug the USB stick back into the infected computer and boot it into Safe Mode with Command Prompt.
  • Now enter the following command at the command line and press Enter:
    e:\OTL.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your system, adjust the command accordingly.
    The OTL window should now open.
  • Click the Fix button.
  • Then press OK to load the fix from a file.
  • Select the fix.txt you created on the USB stick. Its contents will be inserted into the text box.
  • Now click the Fix button again.
  • OTL may request a restart. Please allow it.
  • After a restart, try booting into normal mode again.
  • A log file (\_OTL\MovedFiles\<time_date>.txt) should have been created in the _OTL folder on your USB stick.
  • Now copy its contents here into your thread.
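As an added example (not code from this thread, from the helper or from OTL), a small Python scanner that applies the three criteria behind the fix script above to OTL log lines: a Run key entry with a random-looking value name pointing at a user-writable path, a SafeBoot shell override, and an unsigned, hex-named file under AppData\Local. The sample lines are constructed from the entries quoted in the thread; the regexes, heuristics and thresholds are my assumptions, not OTL's.

```python
"""Flag the OTL indicators a helper would target on a ransomware-style lock screen:
a suspicious Run key, a SafeBoot AlternateShell override and a dropped hex-named file."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: three lines modelled on the OTL output quoted in this thread,
# plus two benign lines (a signed Run entry and OTL itself) that must not be flagged.
SAMPLE_OTL = r"""
O4 - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] E:\Documents\26044f61.exe File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O31 - SafeBoot: UseAlternatShell - 1
[2013.05.20 14:20:18 | 000,104,506 | ---- | M] () -- C:\Users\scb\AppData\Local\2433f433
[2013.05.21 20:02:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
"""

# Line shapes as they appear in OTL output (assumed from the lines quoted in the thread).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
O31_RE = re.compile(r"^O31 - SafeBoot: (?P<key>\w+) - (?P<value>\S+)")
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

USER_WRITABLE = ("\\appdata\\", "\\documents\\", "\\temp\\", "\\downloads\\", "\\public\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def looks_random(name: str) -> bool:
    """Long, all-lowercase alphanumeric, mixing letters and digits: typical of
    generated Run value names, unlike 'Adobe ARM' or 'SkypeUpdate' (heuristic)."""
    if len(name) < 16 or not re.fullmatch(r"[a-z0-9]+", name):
        return False
    digits = sum(c.isdigit() for c in name)
    return 3 <= digits <= len(name) - 3


def in_user_writable(path: str) -> bool:
    """True for profile/document/temp folders or anything outside the OS install roots."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE) or not p.startswith(TRUSTED_ROOTS)


def hex_named(path: str) -> bool:
    """Basename is a bare hex string (optionally .exe), e.g. 2433f433 or 26044f61.exe."""
    base = path.rsplit("\\", 1)[-1].lower()
    return re.fullmatch(r"[0-9a-f]{6,}(\.exe)?", base) is not None


def scan_otl(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := O4_RE.match(line):
            rest = m["rest"]
            missing = rest.endswith("File not found")
            # OTL appends either 'File not found' or the signer's company name in parentheses.
            path = rest[: -len("File not found")].strip() if missing else re.sub(r" \([^)]*\)$", "", rest)
            reasons = []
            if looks_random(m["name"]):
                reasons.append("random value name")
            if in_user_writable(path):
                reasons.append("user-writable path")
            if reasons:
                if missing:
                    reasons.append("target missing (already moved or deleted)")
                findings.append(Finding("run_key", f"{m['hive']} [{m['name']}] -> {path}: " + ", ".join(reasons), line))
        elif m := O31_RE.match(line):
            # OTL spells the value 'UseAlternatShell'; any safe-mode shell override is suspicious.
            if "alternat" in m["key"].lower():
                findings.append(Finding("safeboot_shell", f"SafeBoot {m['key']} = {m['value']}: safe mode shell replaced", line))
        elif m := FILE_RE.match(line):
            # Recently modified, no company name, hex-like name, in a user-writable folder.
            if not m["company"].strip() and hex_named(m["path"]) and in_user_writable(m["path"]):
                findings.append(Finding("dropped_file", f"{m['path']} ({m['size']} bytes, no company name, hex-like name)", line))
    return findings


if __name__ == "__main__":
    for f in scan_otl(SAMPLE_OTL):
        print(f"[{f.kind}] {f.detail}")
```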

Old 21.05.2013, 17:52   #7
Motormouse
 
Unfortunately, the same cmd.exe again with the same text!

Here is the log file:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1608641657-4023151620-1790342431-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
C:\Users\scb\AppData\Local\2433f433 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache konnte nicht geleert werden: Beim Ausführen der Funktion ist ein Fehler aufgetreten.
H:\cmd.bat deleted successfully.
H:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: scb
->Temp folder emptied: 179131151 bytes
->Temporary Internet Files folder emptied: 93859534 bytes
->Java cache emptied: 1407081 bytes
->FireFox cache emptied: 30540207 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1226 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4546 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 14031470 bytes
 
Total Files Cleaned = 304.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05212013_204722
         

Old 22.05.2013, 13:21   #8
t'john
/// Helper Team
 
Do you have the Windows 7 DVD at hand?
__________________
Regards, t'john
Support the TB

Old 22.05.2013, 13:53   #9
Motormouse
 
Yes, I do!
Regards, Frank

Old 22.05.2013, 14:02   #10
t'john
/// Helper Team
 
Boot the computer from the DVD and run Startup Repair from there.
__________________
Regards, t'john
Support the TB

Old 22.05.2013, 14:17   #11
Motormouse
 
I did that, and it did find one issue, but the cmd.exe window with the same text still appears at startup.

I searched for this 26044f61.exe and found the following:
In C:\windows\Prefetch there is 26044F61.EXE-0791F0BB.pf
In C:\_OTL\MovedFiles\05212013_181659\E_Documents there is 26044f61.exe

Regards, Frank

Old 22.05.2013, 17:24   #12
t'john
/// Helper Team
 
Erm... are you in Windows now or not?


System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if not already present). Double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
__________________
Regards, t'john
Support the TB

Old 22.05.2013, 18:14   #13
Motormouse
 
No, Windows starts normally at first, but then at some point switches to a black screen with that cmd window. I had searched the hard drive for this 26044f61.exe using OTLpe.

Here are the files that I generated again via the stick:

Code:
OTL logfile created on: 22.05.2013 21:04:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 5.25 Gb Available Physical Memory | 87.53% Memory free
11.99 Gb Paging File | 11.31 Gb Available in Paging File | 94.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 46.93 Gb Free Space | 48.05% Space Free | Partition Type: NTFS
Drive D: | 195.32 Gb Total Space | 131.18 Gb Free Space | 67.16% Space Free | Partition Type: NTFS
Drive E: | 172.78 Gb Total Space | 34.87 Gb Free Space | 20.18% Space Free | Partition Type: NTFS
Drive H: | 3.75 Gb Total Space | 3.28 Gb Free Space | 87.43% Space Free | Partition Type: FAT32
 
Computer Name: ISRA | User Name: scb | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.21 20:02:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.30 23:46:46 | 000,296,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2012.11.16 14:08:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.24 19:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.12 22:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 22:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.06 01:47:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.11.21 05:24:09 | 000,254,464 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.21 05:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.08 18:15:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008.11.18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.26 20:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.03 02:25:18 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.10.16 07:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.04 04:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2013.05.22 18:34:19 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
 
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 7D 45 50 F3 C3 CD 01  [binary data]
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10025&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.14 20:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.16 11:20:48 | 000,000,000 | ---D | M]
 
[2012.11.16 15:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\scb\AppData\Roaming\mozilla\Extensions
[2013.02.05 19:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\scb\AppData\Roaming\mozilla\Firefox\Profiles\rs93dmg2.default\extensions
[2013.02.05 19:38:29 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\scb\AppData\Roaming\mozilla\firefox\profiles\rs93dmg2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.12.31 15:46:20 | 000,003,915 | ---- | M] () -- C:\Users\scb\AppData\Roaming\mozilla\firefox\profiles\rs93dmg2.default\searchplugins\sweetim.xml
[2012.11.16 15:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.16 15:15:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.24 19:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007.04.10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2012.10.25 00:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.25 00:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.25 00:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.25 00:03:11 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012.10.25 00:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.25 00:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.25 00:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Drive = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Google Mail = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Google Mail = C:\Users\scb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39386E82-0D7E-4B52-B592-B10E3AB0DB05}: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2CABF98-E92F-44D3-B15E-A353D0F66773}: NameServer = 62.112.150.2 62.112.129.138
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1608641657-4023151620-1790342431-1001 Winlogon: Shell - (cmd.exe) - cmd.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\TSpkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\TSpkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6422d048-2fd3-11e2-988b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6422d048-2fd3-11e2-988b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\start.exe /checksection
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 14 Days ==========
 
[2013.05.22 00:16:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.16 10:11:32 | 000,000,000 | ---D | C] -- C:\Users\scb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MirageIIIB
[2013.05.12 19:09:53 | 000,000,000 | ---D | C] -- C:\Users\scb\Desktop\Ferien
[2013.05.09 13:13:39 | 000,000,000 | ---D | C] -- C:\Users\scb\AppData\Roaming\CadSoft
 
========== Files - Modified Within 14 Days ==========
 
[2013.05.22 21:03:02 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 21:03:02 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 21:03:02 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 21:03:02 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 21:03:02 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 20:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 20:57:19 | 535,535,615 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 18:34:20 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 18:34:19 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.22 18:17:49 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 18:17:49 | 000,022,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 17:02:57 | 000,003,368 | ---- | M] () -- C:\bootsqm.dat
[2013.05.20 20:50:28 | 000,262,144 | ---- | M] () -- C:\Windows\DEFAULT
[2013.05.20 17:54:25 | 000,000,986 | ---- | M] () -- C:\Users\scb\Desktop\WS_FTP95.lnk
[2013.05.20 17:54:25 | 000,000,617 | ---- | M] () -- C:\Users\scb\Desktop\XnView.lnk
[2013.05.20 17:53:14 | 000,000,752 | ---- | M] () -- C:\Users\scb\Desktop\Stellar Phoenix Windows Data Recovery - Professional.lnk
[2013.05.20 17:53:11 | 000,001,230 | ---- | M] () -- C:\Users\scb\Desktop\MirIII_Airports.lnk
[2013.05.20 17:53:04 | 000,001,227 | ---- | M] () -- C:\Users\scb\Desktop\MIIIB_docFRA.lnk
[2013.05.20 17:53:04 | 000,001,227 | ---- | M] () -- C:\Users\scb\Desktop\MIIIB_docENG.lnk
[2013.05.20 17:53:03 | 000,000,823 | ---- | M] () -- C:\Users\scb\Desktop\Instant Scenery Readme.lnk
[2013.05.20 17:53:03 | 000,000,768 | ---- | M] () -- C:\Users\scb\Desktop\LibraryMaker.lnk
[2013.05.20 17:53:03 | 000,000,624 | ---- | M] () -- C:\Users\scb\Desktop\IrfanView.lnk
[2013.05.20 17:53:00 | 000,000,600 | ---- | M] () -- C:\Users\scb\Desktop\FSDyn!.lnk
[2013.05.20 17:52:58 | 000,001,810 | ---- | M] () -- C:\Users\scb\Desktop\Free Video to Flash Converter.lnk
[2013.05.20 17:52:58 | 000,001,069 | ---- | M] () -- C:\Users\scb\Desktop\FS Design Studio V2.lnk
[2013.05.20 17:52:58 | 000,000,639 | ---- | M] () -- C:\Users\scb\Desktop\DXTBmp.lnk
[2013.05.20 17:51:43 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.05.20 17:51:43 | 000,001,681 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.20 17:51:43 | 000,001,678 | ---- | M] () -- C:\Users\Public\Desktop\REX Essential Plus Overdrive.lnk
[2013.05.20 17:51:43 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013.lnk
[2013.05.20 14:19:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.20 14:09:42 | 000,082,182 | ---- | M] () -- C:\Users\scb\Desktop\Valvo_VHF_VD1.jpg
[2013.05.20 13:53:56 | 000,002,540 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0473_mov.HDP
[2013.05.20 13:40:08 | 002,869,549 | ---- | M] () -- C:\Users\scb\Desktop\Versuch_1.wmv
[2013.05.20 12:53:22 | 042,582,746 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0478.MOV
[2013.05.20 12:52:42 | 037,842,707 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0477.MOV
[2013.05.20 12:52:18 | 018,553,411 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0476.MOV
[2013.05.20 12:31:14 | 053,684,982 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0473.MOV
[2013.05.19 18:39:49 | 179,042,856 | ---- | M] () -- C:\Users\scb\Desktop\fs9 2013-05-19 17-58-44-84.avi
[2013.05.19 18:38:42 | 167,944,013 | ---- | M] () -- C:\Users\scb\Desktop\fs9 2013-05-19 17-58-44-84.zip
[2013.05.19 15:29:09 | 000,093,498 | ---- | M] () -- C:\Users\scb\Desktop\Onken_Grundplatte.jpg
[2013.05.19 15:28:18 | 000,121,106 | ---- | M] () -- C:\Users\scb\Desktop\Onken_Grundplatte_2.jpg
[2013.05.18 02:24:57 | 002,049,724 | ---- | M] () -- C:\Users\scb\Desktop\Unbenannt.png
[2013.05.16 14:23:07 | 000,080,632 | ---- | M] () -- C:\Users\scb\Desktop\BC238.jpg
[2013.05.16 14:20:45 | 000,877,082 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0449.jpg
[2013.05.16 14:20:09 | 000,267,756 | ---- | M] () -- C:\Users\scb\Desktop\P1010024.jpg
[2013.05.16 10:09:30 | 104,118,337 | ---- | M] () -- C:\Users\scb\Desktop\restauravia_M3B_v1.zip
[2013.05.16 10:00:33 | 000,033,059 | ---- | M] () -- C:\Users\scb\Desktop\Pikettdienst_Arbeitsgesetz.pdf
[2013.05.16 09:54:17 | 000,028,794 | ---- | M] () -- C:\Users\scb\Desktop\ArGV1_art14_april2010_de.pdf
[2013.05.15 17:58:39 | 000,183,931 | ---- | M] () -- C:\Users\scb\Desktop\BRE_New.jpg
[2013.05.14 23:52:18 | 002,708,992 | ---- | M] () -- C:\Users\scb\Desktop\Background_3.mix
[2013.05.14 23:45:43 | 000,627,489 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0434.jpg
[2013.05.14 00:51:40 | 001,817,600 | ---- | M] () -- C:\Users\scb\Desktop\Background_2.mix
[2013.05.13 21:44:48 | 000,787,725 | ---- | M] () -- C:\Users\scb\Desktop\DSC_0430.jpg
[2013.05.13 12:00:26 | 002,018,198 | ---- | M] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2).pdf
[2013.05.13 12:00:26 | 002,018,198 | ---- | M] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2) - Kopie.pdf
[2013.05.13 12:00:26 | 002,018,198 | ---- | M] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2) - Kopie - Kopie.pdf
[2013.05.12 19:43:44 | 000,000,471 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.05.10 12:59:04 | 000,078,988 | ---- | M] () -- C:\Users\scb\Desktop\d7-16gj.pdf
[2013.05.09 16:16:56 | 000,000,539 | ---- | M] () -- C:\Users\scb\Desktop\basket.xml
 
========== Files Created - No Company Name ==========
 
[2013.05.22 01:34:07 | 000,262,144 | ---- | C] () -- C:\Windows\DEFAULT
[2013.05.21 17:02:57 | 000,003,368 | ---- | C] () -- C:\bootsqm.dat
[2013.05.20 14:08:52 | 000,082,182 | ---- | C] () -- C:\Users\scb\Desktop\Valvo_VHF_VD1.jpg
[2013.05.20 13:53:56 | 000,002,540 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0473_mov.HDP
[2013.05.20 13:53:48 | 042,582,746 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0478.MOV
[2013.05.20 13:53:46 | 037,842,707 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0477.MOV
[2013.05.20 13:53:46 | 018,553,411 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0476.MOV
[2013.05.20 13:39:45 | 002,869,549 | ---- | C] () -- C:\Users\scb\Desktop\Versuch_1.wmv
[2013.05.20 13:33:04 | 053,684,982 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0473.MOV
[2013.05.19 18:36:55 | 167,944,013 | ---- | C] () -- C:\Users\scb\Desktop\fs9 2013-05-19 17-58-44-84.zip
[2013.05.19 17:59:14 | 179,042,856 | ---- | C] () -- C:\Users\scb\Desktop\fs9 2013-05-19 17-58-44-84.avi
[2013.05.19 15:29:09 | 000,093,498 | ---- | C] () -- C:\Users\scb\Desktop\Onken_Grundplatte.jpg
[2013.05.19 15:28:18 | 000,121,106 | ---- | C] () -- C:\Users\scb\Desktop\Onken_Grundplatte_2.jpg
[2013.05.18 02:24:15 | 002,049,724 | ---- | C] () -- C:\Users\scb\Desktop\Unbenannt.png
[2013.05.16 14:22:11 | 000,080,632 | ---- | C] () -- C:\Users\scb\Desktop\BC238.jpg
[2013.05.16 14:20:09 | 000,267,756 | ---- | C] () -- C:\Users\scb\Desktop\P1010024.jpg
[2013.05.16 14:12:51 | 000,877,082 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0449.jpg
[2013.05.16 10:11:32 | 000,001,230 | ---- | C] () -- C:\Users\scb\Desktop\MirIII_Airports.lnk
[2013.05.16 10:11:32 | 000,001,227 | ---- | C] () -- C:\Users\scb\Desktop\MIIIB_docFRA.lnk
[2013.05.16 10:11:32 | 000,001,227 | ---- | C] () -- C:\Users\scb\Desktop\MIIIB_docENG.lnk
[2013.05.16 10:08:09 | 104,118,337 | ---- | C] () -- C:\Users\scb\Desktop\restauravia_M3B_v1.zip
[2013.05.16 10:00:33 | 000,033,059 | ---- | C] () -- C:\Users\scb\Desktop\Pikettdienst_Arbeitsgesetz.pdf
[2013.05.16 09:54:17 | 000,028,794 | ---- | C] () -- C:\Users\scb\Desktop\ArGV1_art14_april2010_de.pdf
[2013.05.15 17:58:39 | 000,183,931 | ---- | C] () -- C:\Users\scb\Desktop\BRE_New.jpg
[2013.05.14 23:52:17 | 002,708,992 | ---- | C] () -- C:\Users\scb\Desktop\Background_3.mix
[2013.05.14 23:45:43 | 000,627,489 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0434.jpg
[2013.05.14 10:32:46 | 002,018,198 | ---- | C] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2) - Kopie - Kopie.pdf
[2013.05.14 10:26:57 | 002,018,198 | ---- | C] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2) - Kopie.pdf
[2013.05.13 22:04:40 | 001,817,600 | ---- | C] () -- C:\Users\scb\Desktop\Background_2.mix
[2013.05.13 21:44:15 | 000,787,725 | ---- | C] () -- C:\Users\scb\Desktop\DSC_0430.jpg
[2013.05.13 12:00:26 | 002,018,198 | ---- | C] () -- C:\Users\scb\Desktop\2006-10-08 Bau- und Betriebsanleitung MegaScopeClock V 2 (2).pdf
[2013.05.10 12:59:04 | 000,078,988 | ---- | C] () -- C:\Users\scb\Desktop\d7-16gj.pdf
[2013.05.09 16:16:56 | 000,000,539 | ---- | C] () -- C:\Users\scb\Desktop\basket.xml
[2013.03.15 21:54:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013.03.15 21:26:54 | 000,000,052 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2013.03.15 21:18:12 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2013.03.15 21:12:30 | 000,001,208 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2013.03.13 18:46:40 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2013.02.27 19:05:30 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.15 17:06:22 | 000,000,039 | ---- | C] () -- C:\Windows\spwdrp.INI
[2012.11.20 17:17:08 | 000,000,040 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2012.11.16 17:16:40 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.11.16 17:16:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.11.16 17:16:39 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3070CW.INI
[2012.11.16 17:15:28 | 000,000,471 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.11.16 17:15:26 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.11.16 17:15:26 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.11.16 17:14:56 | 000,000,326 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.11.16 17:05:41 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.11.16 14:04:51 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.11.16 14:04:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.01.17 12:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 22.05.2013 21:04:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = H:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 5.25 Gb Available Physical Memory | 87.53% Memory free
11.99 Gb Paging File | 11.31 Gb Available in Paging File | 94.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 46.93 Gb Free Space | 48.05% Space Free | Partition Type: NTFS
Drive D: | 195.32 Gb Total Space | 131.18 Gb Free Space | 67.16% Space Free | Partition Type: NTFS
Drive E: | 172.78 Gb Total Space | 34.87 Gb Free Space | 20.18% Space Free | Partition Type: NTFS
Drive H: | 3.75 Gb Total Space | 3.28 Gb Free Space | 87.43% Space Free | Partition Type: FAT32
 
Computer Name: ISRA | User Name: scb | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BD592C-A722-40EC-AE8F-7741D27AB2DE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0C7DC496-199A-4C6A-BC09-0F8245F44EE9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{120E1AEB-9219-4AC7-AD4B-C266CD86A9EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{191E054B-CB99-474E-9024-9365D369A02A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{248887C0-73C4-4EAB-BCF7-942A497DB44C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{26514C49-4F06-4968-B7B9-59BAF2817B9A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C0FD673-EE09-4EE4-8599-C870B7257CF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5E53D79A-8762-4D08-9B3F-B02DA7F0C8E9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5EFCB6E8-237E-4329-BAB0-2FD6CDFB5106}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{67020595-961F-4F19-987D-8BBE2A12156C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{67BC5FCB-7F89-4BC3-AD85-DECAD42BD593}" = lport=139 | protocol=6 | dir=in | app=system | 
"{67C28E0D-41CE-4020-8C65-279696443B5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6945DED7-3AD0-4B92-AED7-D389C28532FA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{734CFF57-15E2-4C0B-BDF5-7B0219232B6B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{78F08526-D94F-4A24-9CC8-C5D222C2A9D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85709124-3E8B-4C80-B961-5C899C1642F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{984186F5-30E5-45B4-A60D-274286988025}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ABC709F6-ACA6-4F45-83C4-D8DE85143144}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AD583A50-4CF6-49D6-9BF9-0F35863F6AAD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B594AE00-99D9-4638-8C9C-1DD4B3779AA5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BEB29DE1-2E7F-4DD4-991F-50C2C68FFC58}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0113DA8-B8F2-4D99-BD30-D5924303F93B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C498E6CD-8EAA-491F-87F4-52CC27CB51C3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CF284082-FFD6-46B5-8821-975150E4C193}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F89420AC-5974-4969-86D8-053F0F5AEE09}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EB5B3E-92D8-4674-829B-66B33B0D8F12}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{08A40B8D-0992-4B55-8C76-B70F0667D8C4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1486FDAC-D4AF-4FD0-87A7-D6FCCBEC1A26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1FEE23B9-C721-4ACA-A34F-DEF1390D0E3C}" = protocol=6 | dir=out | app=system | 
"{21D01621-AC99-4F85-9ECB-4E753DF2BD80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2721C036-8C57-4291-9A96-9DC2FC3908CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{392BF767-FEC6-4987-9751-982185A71510}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{399352B3-FF5C-401C-980C-D6C6384186DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{449660F7-CE76-4711-BAFD-47C94A539BD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C1A66AA-5C93-447A-AC58-DA014279E7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{519ABD4F-340D-462C-9548-CFAEE3E57EF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6138CBBB-B354-46BF-8E5D-8D42BA85BD51}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{61C9EBA5-A83F-4455-9BA0-E56063349754}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{678616BC-B0E8-4B1E-9EF6-4A3367392BBB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6873DEB3-B527-401D-8AE6-B85D79ABD855}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{6B627AAF-F275-4E79-93B8-147FE8D08E00}" = protocol=17 | dir=in | app=d:\programme\microsoft games\flight simulator 9\fs9.exe | 
"{73682283-B557-4F3C-A4C1-B3D6D22C25E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{75EADD8D-3921-4FC3-A894-422F45E4FB11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{796A4E36-DDDC-4861-92F8-C0301100416E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7A80B152-F85F-455A-ACC7-D5DD243E4538}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{816807C1-F22D-4E13-B594-37674A50F078}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8670901B-EB5C-4DD2-9315-1C697C019B05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FFDC46B-1F3E-472B-883E-F479D8B7188D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9083DC63-459F-44D6-8F89-66FB2E957A8C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{97E69320-849E-4BCB-B132-C247AB2A1078}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ABB6B26B-4587-4C16-8A10-86AFEBE8E53B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B1D40D05-B6DF-44F4-B42C-711386B0EB75}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B7766375-48BB-49D0-AD4C-0AAB3141491D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{BCC7600D-BB0F-4E6D-8664-9080CA82D4BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BEB7E314-3C10-4AB5-B8DA-721C79564E7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEF73FC1-E40C-4B87-9C42-03AB8FBDA3C3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C81077D2-5861-417B-806F-352D4C57AD27}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDE839FC-FFCD-4EBE-B1DF-5054E82D25FF}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{CE8FF971-03F9-4F5E-A141-2566AC7A36B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D02FC892-676C-4E41-889F-3CBE11CDDE29}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E4BEDD6C-DF3F-4385-8CE2-1A8244C338C9}" = protocol=6 | dir=in | app=d:\programme\microsoft games\flight simulator 9\fs9.exe | 
"TCP Query User{23FB9252-517D-4F45-97B2-E78495694D60}D:\programme\microsoft games\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=d:\programme\microsoft games\flight simulator 9\fs9.exe | 
"TCP Query User{2A78273D-AAA9-4E8D-AF74-873617E6D9DC}D:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=d:\program files\ws_ftp\ws_ftp95.exe | 
"UDP Query User{1039C6B5-9396-4FC9-B477-B8078E3F840E}D:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=d:\program files\ws_ftp\ws_ftp95.exe | 
"UDP Query User{D142E5CF-6801-4D60-A35D-F6CCBEC9DBA8}D:\programme\microsoft games\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=d:\programme\microsoft games\flight simulator 9\fs9.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 304.87
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055983A1-A1BD-46B1-9C5D-BDB624A54E06}" = Mailsoft's - Fly the Tiger
"{08260043-A46C-407D-BADD-610ED5E05661}" = FS Design Studio V3.5.1 
"{12BE408B-65A7-4A5E-90BC-28965F7F08C9}" = Flight Simulator 2004 BGLComp SDK
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"{538E95B8-3808-4BCF-86E2-44D06E099834}" = FS Design Studio V2
"{5F9EEE99-15FE-4AC4-B400-6C6568E87557}" = FS Design Studio V3 
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1
"{8F1F0AEC-8646-4F62-9386-83705EECDC03}" = ALS-SIM Mirage for FSX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91309FCB-3520-4579-9BD8-6B8BF39C773A}_is1" = VRS F/A-18E Superbug
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F30A684-44DC-4BDF-89ED-70F9021B851F}" = REX Essential Plus Overdrive
"{9FCDA3BF-A003-41E0-A75A-8C5590829A55}" = Brother HL-3070CW
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{BD5AA756-2E57-4AE2-BAB2-3A54DA1C50F4}" = TubeBox
"{bfc92a01-1ae1-4375-befa-7e090bff5f6a}" = TubeBox
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EFFCACBE-98CF-4AAC-8CC9-85EA6D7BF78C}" = Mailsoft's - Fly the Tiger X
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Active Camera 2004 patch for FS 9.1" = Active Camera 2004 patch for FS 9.1
"Active Camera 2004 version 2.0" = Active Camera 2004 version 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ATC Radar" = ATC Radar
"AudioCS" = Creative Audio Control Panel
"BG9_is1" = Ben Gurion Airport for FS2004
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"Free Studio_is1" = Free Studio version 2013
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 5.0.22.128
"FSDyn!" = FSDyn!
"Google Chrome" = Google Chrome
"IBNetPlayer" = IBNetPlayer
"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"instant scenery2" = Instant Scenery
"IrfanView" = IrfanView (remove only)
"MAGIX_{5EDDD103-CF66-40DF-A0B9-DECDC0F017D5}" = MAGIX Video deluxe 2013
"MAGIX_{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Radar v2.0 for FS2004" = Radar v2.0 for FS2004
"Radar v2.0 for FSX" = Radar v2.0 for FSX
"RAZBAM - SkyHawk's FS2004 Vol4" = RAZBAM - SkyHawk's FS2004 Vol4
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"Stellar Phoenix Windows Data Recovery - Professional_is1" = Stellar Phoenix Windows Data Recovery - Professional
"Web_4.0.1460.0" = Microsoft Expression Web 4
"XnView_is1" = XnView 1.91.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1608641657-4023151620-1790342431-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FSDSxTweak suite v2.6" = FSDSxTweak suite v2.6
"Israeli Landclass X v1.06" = Israeli Landclass X v1.06
"Mirage IIIB" = Mirage IIIB
"Mirage IIIRS" = Mirage IIIRS
"Mirage IIIS" = Mirage IIIS
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2013 14:08:38 | Computer Name = Isra | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 02.04.2013 14:08:38 | Computer Name = Isra | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 02.04.2013 14:08:41 | Computer Name = Isra | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 02.04.2013 14:08:41 | Computer Name = Isra | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 02.04.2013 14:08:41 | Computer Name = Isra | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 02.04.2013 14:08:41 | Computer Name = Isra | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 02.04.2013 14:10:04 | Computer Name = Isra | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.04.2013 02:55:59 | Computer Name = Isra | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.04.2013 12:13:41 | Computer Name = Isra | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.04.2013 04:48:23 | Computer Name = Isra | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "DNS Client" service depends on the "NetIO Legacy TDI Support Driver"
 service which failed to start because of the following error:   %%31
 
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "TCP/IP NetBIOS Helper" service depends on the "Ancillary 
Function Driver for Winsock" service which failed to start because of the following
 error:   %%31
 
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "Network Store Interface Service" service depends on the 
"NSI proxy service driver." service which failed to start because of the following
 error:   %%31
 
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "Workstation" service depends on the "Network Store Interface Service"
 service which failed to start because of the following error:   %%1068
 
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "IP Helper" service depends on the "Network Store Interface Service"
 service which failed to start because of the following error:   %%1068
 
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "SMB MiniRedirector Wrapper and Engine" service depends on the 
"Redirected Buffering Sub System" service which failed to start because of the following
 error:   %%31
 
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "SMB 1.x MiniRedirector" service depends on the "SMB MiniRedirector Wrapper
 and Engine" service which failed to start because of the following error:   %%1068
 
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "SMB 2.0 MiniRedirector" service depends on the "SMB MiniRedirector Wrapper
 and Engine" service which failed to start because of the following error:   %%1068
 
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "Network Location Awareness" service depends on the "Network Store Interface Service"
 service which failed to start because of the following error:   %%1068
 
Error - 22.05.2013 14:57:28 | Computer Name = Isra | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  CSC  DfsC  discache  MpFilter  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  Wanarpv6  WfpLwf
 
 
< End of report >
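
The two parts of this log that a helper reads first are the Uninstall List (which here carries SweetPacks toolbar and TubeBox entries alongside legitimate software) and the Service Control Manager 7001/7026 records, which show a chain of network drivers (AFD, tdx, NetBT, nsiproxy and others) failing to load and every dependent service failing with it. The script below is an added example, not part of the forum post and not OTL's own tooling: it parses OTL-style uninstall and event-log lines, flags display names that match a constructed list of adware/PUP markers, and summarises the 7026 driver list and 7001 dependency failures, mapping the `%%31` and `%%1068` codes to their Win32 error names. The sample excerpts embedded in it are constructed to mirror the layout of the log above; the PUP marker list is an assumption to extend as needed.

```python
"""Triage helper for OTL / OTLPE log excerpts (added example, not OTL's code).

Parses two sections found in OTL logs:
  * an Uninstall List block         -> flags names matching known adware/PUP families
  * a "Last 20 Event Log Errors" block -> collects Service Control Manager 7001
    (dependency failed) and 7026 (boot/system driver failed to load) records
The PUP marker list and the two sample excerpts below are constructed for the example.
"""
import re

# Assumption: substrings that identify adware/PUP families; extend as needed.
PUP_MARKERS = ("sweetpacks", "tubebox", "browser configuration utility")

# Win32 error codes that SCM 7001 records reference as %%<code>.
WIN32_ERRORS = {"31": "ERROR_GEN_FAILURE", "1068": "ERROR_SERVICE_DEPENDENCY_FAIL"}

UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
EVENT_RE = re.compile(
    r"^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>.+?) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
DEPENDS_RE = re.compile(r'"([^"]+)" service depends on the "([^"]+)" service.*?%%(\d+)')


def parse_uninstall(lines):
    """Return (registry key, display name) pairs from an OTL Uninstall List block."""
    return [(m.group("key"), m.group("name"))
            for m in map(UNINSTALL_RE.match, lines) if m]


def flag_pups(entries):
    """Return the entries whose display name contains a PUP marker."""
    return [(k, n) for k, n in entries if any(p in n.lower() for p in PUP_MARKERS)]


def parse_events(lines):
    """Return one dict per OTL event record, with wrapped descriptions re-joined."""
    events, current = [], None
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            current = dict(m.groupdict(), description="")
            events.append(current)
            continue
        text = line.strip()
        if current is None:
            continue
        if text == "" or text.startswith("[") or text.startswith("="):
            current = None          # blank line or section header ends the record
        elif text.startswith("Description ="):
            current["description"] = text[len("Description ="):].strip()
        else:                       # OTL wraps long descriptions onto indented lines
            current["description"] = (current["description"] + " " + text).strip()
    return events


def scm_failures(events):
    """Summarise SCM 7026 driver-load failures and 7001 dependency failures.

    Returns (sorted driver names, [(service, dependency, error name), ...]).
    """
    drivers, deps = set(), []
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        if ev["id"] == "7026":      # driver names follow the colon in the message
            drivers.update(ev["description"].split(":", 1)[-1].split())
        elif ev["id"] == "7001":
            m = DEPENDS_RE.search(ev["description"])
            if m:
                svc, dep, code = m.groups()
                deps.append((svc, dep, WIN32_ERRORS.get(code, "%%" + code)))
    return sorted(drivers), deps


# Constructed sample excerpts in the layout of the log above.
SAMPLE_UNINSTALL = """\
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{BD5AA756-2E57-4AE2-BAB2-3A54DA1C50F4}" = TubeBox
"Google Chrome" = Google Chrome
"""

SAMPLE_EVENTS = """\
[ System Events ]
Error - 22.05.2013 14:57:27 | Computer Name = Isra | Source = Service Control Manager | ID = 7001
Description = The "DNS Client" service depends on the "NetIO Legacy TDI Support Driver"
 service which failed to start because of the following error:   %%31

Error - 22.05.2013 14:57:28 | Computer Name = Isra | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  CSC  DfsC  tdx
"""


def triage(uninstall_text, events_text):
    """Run both checks on raw OTL text and return a summary dict."""
    pups = flag_pups(parse_uninstall(uninstall_text.splitlines()))
    drivers, deps = scm_failures(parse_events(events_text.splitlines()))
    return {"pups": pups, "failed_drivers": drivers, "dependency_failures": deps}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_UNINSTALL, SAMPLE_EVENTS).items():
        print(key, value)
```

Feed `triage()` the text of the two sections copied from a real OTL log; the PUP list is deliberately short, so a hit is a prompt to look, not a verdict, and an empty result says nothing about entries the marker list does not cover.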
         

Alt 22.05.2013, 18:41   #14
t'john
/// Helper Team

Quote:
No, Windows starts normally at first, but at some point switches to a black screen with just the cmd window.
What happens if you type explorer.exe and press Enter?
__________________
Regards, t'john

Alt 22.05.2013, 18:46   #15
Motormouse
 
My desktop reappears (in safe mode).


Tags for this thread: adobe, autorun, bonjour, canon, cybercrime investigation department, remove, explorer, format, locked, helper, kaspersky, launch, microsoft, mozilla, nvidia, plug-in, programs, realtek, registry, scan, security, softwareupdater, sweetpacks, tarma, trojan.downloader, virus


