
Pests of all kinds and how to fight them: Suspected unknown virus!

31.05.2012, 10:51   #1
Akasha2012
 
Hello,

I don't know what else to do and can't get any further on my own.
I get a bluescreen several times a day, mostly shortly before shutdown. My web browser is Opera, which also crashes several times per session, or first hangs and then crashes, with fewer than 10 tabs open, and uses an unusually large amount of system resources.
A few days ago an empty web page also kept popping up, whose address started with www.p4-...
That happened several times a day, mostly in the evening.
PC performance has also dropped, and the PC takes longer to boot and to shut down.
I suspect some kind of virus, but I have already run several antivirus programs, which found and removed some viruses.
But the problems mentioned above still persist.

I would be very grateful for your help, because I am at my wits' end..

OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 31.05.2012 12:16:38 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\Philip\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 49,55% Memory free
7,99 Gb Paging File | 5,34 Gb Available in Paging File | 66,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,10 Gb Total Space | 8,09 Gb Free Space | 8,09% Space Free | Partition Type: NTFS
Drive D: | 365,57 Gb Total Space | 228,84 Gb Free Space | 62,60% Space Free | Partition Type: NTFS
Drive E: | 11,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: AKASHA | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.31 12:12:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Philip\Downloads\OTL.exe
PRC - [2012.05.30 18:58:16 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.27 07:48:33 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programme\avgidsagent.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programme\avgtray.exe
PRC - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.03.07 01:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programme\avgwdsvc.exe
PRC - [2010.05.20 10:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.27 07:48:34 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012.05.27 07:48:34 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012.05.27 07:48:34 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012.05.27 07:48:34 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012.05.27 07:48:34 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012.05.27 07:48:34 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012.05.27 07:48:34 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012.05.27 07:48:34 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012.05.27 07:48:34 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012.05.27 07:48:34 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012.05.27 07:48:34 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012.05.27 07:48:34 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012.05.27 07:48:34 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012.05.23 03:56:50 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
MOD - [2012.05.23 03:56:49 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012.05.23 03:55:35 | 000,553,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012.05.23 03:55:33 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012.05.23 03:55:24 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012.05.23 03:55:23 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012.05.23 03:55:21 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012.05.23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012.05.23 03:06:23 | 008,743,584 | ---- | M] () -- C:\PROGRA~2\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll
MOD - [2012.05.04 20:58:10 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.05.24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV - [2012.05.30 01:10:31 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.05.29 11:33:22 | 001,564,368 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.05.23 19:20:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.05.23 19:20:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.05.04 20:58:12 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programme\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.04.25 18:31:25 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE -- (ICQ Service)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.03.07 01:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programme\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.20 18:14:26 | 000,670,224 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2011.04.11 11:57:02 | 000,029,040 | ---- | M] (BitDefender) [Auto | Running] -- D:\Programme\BitDefender\TrafficLight\bsserv.exe -- (bsserv)
SRV - [2010.11.30 18:03:00 | 004,023,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.05.20 10:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.03.07 01:04:31 | 000,141,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:03:29 | 000,258,904 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012.03.07 01:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.07 00:44:51 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.09.01 07:43:33 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.05.25 01:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.01 21:41:00 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.09.04 07:39:10 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.07.31 12:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.17 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.06.29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.06.29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.18 12:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\1AE1.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.07 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.04.09 13:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007.11.02 14:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.02.25 15:39:50 | 000,102,992 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- D:\Programme\BitDefender\TrafficLight\bdfwfpf.sys -- (bdfwfpf_bs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.18 12:55:41 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2004.12.30 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{DCEE1DF9-4D54-4962-BA08-5A3F603AA5C0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=38d4c0e4-1003-413a-af5e-421d1df8217c&apn_sauid=941AEE56-6F9B-41F5-BC64-D06C8E5AB1E7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.0&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@gametree.co.kr/GTL: C:\ProgramData\Gametree\GTL\npGTL.dll (NtreevSoft)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Philip\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.30 18:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: D:\Programme\Firefox4\ [2012.05.29 09:47:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: D:\Programme\Firefox\DoNotTrack\ [2012.05.26 10:38:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.05.29 23:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.30 18:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 18:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.30 18:58:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.30 18:58:30 | 000,000,000 | ---D | M]
 
[2012.05.29 15:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Extensions
[2011.08.21 07:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.30 10:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\4thsfdhd.default\extensions
[2012.05.29 11:33:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\4thsfdhd.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.30 10:00:30 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\4thsfdhd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.05.30 09:59:14 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\4thsfdhd.default\extensions\4fc312088e75b@4fc312088e794.info
[2012.05.28 16:52:59 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\4thsfdhd.default\extensions\ffxtlbr@incredibar.com
[2012.01.02 07:03:06 | 000,002,401 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\4thsfdhd.default\searchplugins\askcom.xml
[2012.05.29 11:33:19 | 000,000,168 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\4thsfdhd.default\searchplugins\icqplugin.gif
[2012.05.29 11:33:19 | 000,000,618 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\4thsfdhd.default\searchplugins\icqplugin.src
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\4thsfdhd.default\searchplugins\icqplugin.xml
[2012.05.28 16:52:52 | 000,002,203 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\4thsfdhd.default\searchplugins\MyStart Search.xml
[2012.04.20 20:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.29 23:32:05 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.05.29 15:20:18 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\PHILIP\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2012.04.25 18:31:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.14 20:45:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.30 18:58:21 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.02.26 14:20:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.26 14:20:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.26 14:20:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 14:20:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 14:20:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 14:20:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Gametree Web Launcher Plugin (Enabled) = C:\ProgramData\Gametree\GTL\npGTL.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Philip\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\Programme\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: General Crawler = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: avast! WebRep = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google Mail = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Codecv = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pobikflgcoflphcbliepklcicbfhcnhf\1.0_0\
 
O1 HOSTS File: ([2012.03.30 15:22:58 | 000,601,715 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  am1.activemeter.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  cms.ad2click.nl
O1 - Hosts: 16118 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Programme\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Codecv Class) - {074E4AFC-BEE7-8EF0-0ABB-3C95DEA4A511} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Programme\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] D:\Programme\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Programme\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Programme\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Cindy
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D637968A-5021-4728-9D6C-962AD6B8C66F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3F182AC-DB3D-4623-8033-0079231D1A4D}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{050fe09f-b99f-11e0-8ce0-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{050fe09f-b99f-11e0-8ce0-001e101fe5e1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{14e6b443-b9ac-11e0-b019-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{14e6b443-b9ac-11e0-b019-001e101f1f81}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4e046c9f-b980-11e0-aea6-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{4e046c9f-b980-11e0-aea6-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4e046cb1-b980-11e0-aea6-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{4e046cb1-b980-11e0-aea6-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f82ded3f-b96d-11e0-847e-f46d0429b6de}\Shell - "" = AutoRun
O33 - MountPoints2\{f82ded3f-b96d-11e0-847e-f46d0429b6de}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f82dedfe-b96d-11e0-847e-f46d0429b6de}\Shell - "" = AutoRun
O33 - MountPoints2\{f82dedfe-b96d-11e0-847e-f46d0429b6de}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\PROGRA~1\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.30 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Real
[2012.05.30 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.05.30 18:58:18 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.30 18:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.05.30 18:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.30 10:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDefender TrafficLight
[2012.05.30 10:00:36 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\QuickScan
[2012.05.30 01:19:24 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\ElevatedDiagnostics
[2012.05.30 01:05:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.30 00:38:03 | 000,000,000 | ---D | C] -- C:\PoW24
[2012.05.29 23:39:23 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.05.29 23:39:22 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.05.29 23:39:19 | 000,141,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.05.29 23:39:09 | 000,258,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.05.29 23:39:08 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.05.29 23:39:08 | 000,028,504 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012.05.29 23:39:07 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.05.29 23:39:07 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.05.29 23:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.05.29 23:32:22 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Google
[2012.05.29 23:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.05.29 23:32:16 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.05.29 23:31:57 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.05.29 23:31:56 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.05.29 15:20:29 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\Download
[2012.05.29 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\Media Finder
[2012.05.29 15:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.05.29 11:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.05.29 11:44:21 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\ICQ Search
[2012.05.29 11:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\icq
[2012.05.29 11:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2012.05.29 11:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guard-ICQ
[2012.05.29 11:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012.05.29 09:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.05.29 09:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.05.28 22:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.05.28 22:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.28 17:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.05.28 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\WinZip
[2012.05.28 17:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.05.28 17:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.05.28 17:24:51 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\uTorrent
[2012.05.28 16:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.05.28 16:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
[2012.05.28 16:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
[2012.05.28 16:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.05.28 14:43:53 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\Characterizer
[2012.05.28 14:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Characterizer
[2012.05.26 16:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.26 16:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.26 11:05:54 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\AVG
[2012.05.26 11:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.05.26 10:40:12 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\AVG2012
[2012.05.26 10:38:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.05.26 10:38:14 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.05.26 10:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.05.26 10:38:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.05.26 10:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.05.26 09:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SE-SOFT.COM
[2012.05.22 13:06:04 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2012.05.21 01:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.05.21 01:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.05.21 01:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.05.21 01:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.05.20 19:49:24 | 000,000,000 | ---D | C] -- C:\Users\Philip\Documents\ICQ
[2012.05.13 17:21:50 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\BS
[2012.05.13 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\Philip\Desktop\bildschirmschoner
[2012.05.09 13:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.31 12:12:28 | 000,000,000 | ---- | M] () -- C:\Users\Philip\defogger_reenable
[2012.05.31 11:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.31 11:42:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.31 11:34:58 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 11:34:58 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 11:27:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.31 11:26:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 09:10:37 | 099,522,551 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.05.30 19:43:05 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.30 18:58:43 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.05.30 18:58:42 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk
[2012.05.30 18:58:18 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.30 14:09:31 | 000,205,791 | ---- | M] () -- C:\Users\Philip\Desktop\MeinsOo.png
[2012.05.30 14:09:31 | 000,026,480 | ---- | M] () -- C:\Users\Philip\.recently-used.xbel
[2012.05.30 00:37:46 | 000,002,553 | ---- | M] () -- C:\Users\Public\Desktop\Osrik.exe.lnk
[2012.05.29 23:39:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.05.29 23:38:21 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.05.29 18:41:05 | 000,057,526 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.05.29 14:12:32 | 000,302,148 | ---- | M] () -- C:\Users\Philip\Desktop\bilder 350.jpg
[2012.05.29 11:44:21 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.05.29 11:44:21 | 000,000,161 | ---- | M] () -- C:\Users\Public\Desktop\Suche im Internet.url
[2012.05.29 09:34:51 | 000,000,610 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.29 09:24:50 | 000,003,584 | ---- | M] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.28 22:45:04 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2012.05.28 22:45:04 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2012.05.28 22:28:53 | 000,016,045 | ---- | M] () -- C:\Users\Philip\Desktop\00009279.gif
[2012.05.28 17:28:06 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.05.28 17:27:28 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.05.28 14:40:59 | 000,517,709 | ---- | M] () -- C:\Users\Philip\Desktop\characterizer.zip
[2012.05.27 07:48:34 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.05.26 19:31:14 | 001,095,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.26 19:31:14 | 000,747,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.26 19:31:14 | 000,268,152 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.26 19:31:14 | 000,230,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.26 19:31:14 | 000,005,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.26 18:31:11 | 000,007,627 | ---- | M] () -- C:\Users\Philip\AppData\Local\Resmon.ResmonCfg
[2012.05.26 10:38:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.05.26 10:38:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.05.23 19:24:38 | 000,000,376 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012.05.23 19:20:21 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.05.23 19:20:21 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.05.15 21:13:12 | 000,000,104 | ---- | M] () -- C:\Users\Philip\Desktop\Systemsteuerung - Verknüpfung.lnk
[2012.05.13 03:16:20 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.11 23:00:29 | 000,157,934 | ---- | M] () -- C:\Users\Philip\Documents\ts3_clientui-win32-1334913258-2012-05-11 22_59_46.433184.dmp
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.31 12:12:28 | 000,000,000 | ---- | C] () -- C:\Users\Philip\defogger_reenable
[2012.05.31 09:10:37 | 099,522,551 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.05.30 18:58:43 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.05.30 18:58:42 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk
[2012.05.30 18:57:08 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.30 14:09:31 | 000,026,480 | ---- | C] () -- C:\Users\Philip\.recently-used.xbel
[2012.05.30 12:27:32 | 000,205,791 | ---- | C] () -- C:\Users\Philip\Desktop\MeinsOo.png
[2012.05.30 00:37:46 | 000,002,565 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Osrik.lnk
[2012.05.30 00:37:46 | 000,002,553 | ---- | C] () -- C:\Users\Public\Desktop\Osrik.exe.lnk
[2012.05.29 23:38:21 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.05.29 23:32:31 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.29 23:32:29 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.29 18:41:04 | 000,057,526 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.05.29 14:12:32 | 000,302,148 | ---- | C] () -- C:\Users\Philip\Desktop\bilder 350.jpg
[2012.05.29 11:44:21 | 000,000,676 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.05.29 11:44:21 | 000,000,161 | ---- | C] () -- C:\Users\Public\Desktop\Suche im Internet.url
[2012.05.29 09:34:51 | 000,000,610 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.29 09:24:50 | 000,003,584 | ---- | C] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.28 22:45:04 | 000,000,755 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2012.05.28 22:45:04 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2012.05.28 22:27:14 | 000,016,045 | ---- | C] () -- C:\Users\Philip\Desktop\00009279.gif
[2012.05.28 17:28:06 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.05.28 17:27:28 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.05.28 14:40:59 | 000,517,709 | ---- | C] () -- C:\Users\Philip\Desktop\characterizer.zip
[2012.05.27 07:48:34 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.05.27 07:48:34 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.05.26 18:31:11 | 000,007,627 | ---- | C] () -- C:\Users\Philip\AppData\Local\Resmon.ResmonCfg
[2012.05.26 10:38:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.05.26 10:38:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.05.16 14:48:45 | 000,002,993 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\resonance.lnk
[2012.05.15 21:13:12 | 000,000,104 | ---- | C] () -- C:\Users\Philip\Desktop\Systemsteuerung - Verknüpfung.lnk
[2012.05.11 22:59:54 | 000,157,934 | ---- | C] () -- C:\Users\Philip\Documents\ts3_clientui-win32-1334913258-2012-05-11 22_59_46.433184.dmp
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.19 15:31:32 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2012.01.19 15:31:32 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2012.01.19 15:31:31 | 000,186,880 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.01.19 15:31:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.11.08 01:41:08 | 000,001,430 | ---- | C] () -- C:\Users\Philip\AppData\Local\RecConfig.xml
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.29 03:51:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011.06.17 14:13:49 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.06.17 14:13:49 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.06.17 14:13:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.06.17 14:13:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.06.17 14:09:56 | 000,034,971 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.06.17 14:09:07 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.17 14:09:06 | 000,028,464 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.06.17 13:10:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.05.26 11:12:41 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\AVG
[2012.05.26 10:40:12 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\AVG2012
[2011.10.16 10:46:51 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\DVDVideoSoft
[2011.08.22 04:43:45 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.18 01:45:48 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\enchant
[2011.11.20 22:04:47 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\GetRightToGo
[2012.05.30 14:08:49 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\gtk-2.0
[2012.05.31 12:13:23 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\ICQ
[2012.05.29 11:44:21 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\ICQ Search
[2011.10.16 10:24:12 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Jens Lorek
[2012.04.06 19:37:42 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\LolClient
[2012.05.29 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Media Finder
[2011.11.08 01:52:20 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\OpenCandy
[2011.09.17 14:16:58 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\OpenOffice.org
[2012.01.18 22:28:46 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Opera
[2012.05.30 10:00:38 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\QuickScan
[2011.08.21 07:10:47 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Thunderbird
[2012.05.30 18:58:51 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\TS3Client
[2012.04.09 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\TuneUp Software
[2012.05.30 00:52:43 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\uTorrent
[2011.07.29 02:51:55 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Vodafone
[2012.04.09 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Windows SideBar
[2012.05.03 15:43:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
         


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 31.05.2012 12:16:38 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\Philip\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 49,55% Memory free
7,99 Gb Paging File | 5,34 Gb Available in Paging File | 66,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,10 Gb Total Space | 8,09 Gb Free Space | 8,09% Space Free | Partition Type: NTFS
Drive D: | 365,57 Gb Total Space | 228,84 Gb Free Space | 62,60% Space Free | Partition Type: NTFS
Drive E: | 11,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: AKASHA | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EB712E-2476-463C-AF8B-0E95B2703337}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{08BF5711-0869-4D2E-8A8B-D5D2D1A2CE8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1233DF79-1E48-4C40-A250-764094ECE382}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{29648CEF-DBAB-4236-9CC3-8861A0693E17}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{38B3F854-9698-4228-BAED-9380CE538B8E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3AE39737-5833-486A-8930-D8990AC96887}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B791BEF-F031-4C23-B4A4-92278695AD93}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3F12367C-36E6-46D2-8295-093135F9452C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4888D796-AF86-48AC-B8C4-CF0A7857C498}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{55458EBE-CFAD-496F-A7E0-89034195958A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{78BA2388-506C-498A-9B22-EFB7E753E5EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C479119-4AC9-4C1F-A896-9612E8CACF70}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7C8CBD97-98AD-4A88-BE58-EDDB143D2FBA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7F74B46B-F0DF-4E8D-998F-68E71C8245C9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8330977C-0329-4AEA-9214-2F1B5B9ED9BF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{928D3A76-F02F-4220-AAD5-A5C28492A973}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9B363EB3-5ECF-42E8-819D-D01B61BD15D1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9DE687B5-5DD2-4BCD-8E0B-89556E6ADEDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A04EB9F6-57DE-4933-B7E2-351AF2147BB3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A33F598F-73AE-4BD0-B0FC-8AEE44A1EB3E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A87ACF8A-B27F-40A3-93E5-988CB58F2D92}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A88A9F1C-844E-464C-8C31-12172C54BBFD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BCBABA05-857D-48AE-884D-884D9A49B141}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9ED4065-F609-412D-B447-F5B6DE723F6F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D005C41A-A892-4072-A845-5A7346FE7D31}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D01523B9-DB28-4132-A124-F366A4737B2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D85D86BB-D511-42E1-94EF-53C09049099A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E5A3DE89-0180-4290-B470-757CB76FA5CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE580DCB-1E0D-462B-951C-FEC252AE54F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FBB70CFB-7B53-4BDC-8CB6-AD2F3CFA304F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC65C731-C712-459A-98C7-8945D3BE2881}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001DA41C-99FC-4811-9214-F2F76C8AF0D1}" = protocol=17 | dir=in | app=d:\programme\avgnsa.exe | 
"{038A6F06-2BF5-483D-9121-77C5E8346D45}" = protocol=17 | dir=in | app=d:\programme\icq7m\icq.exe | 
"{03932BFF-FDAE-403F-813C-AC109561756D}" = protocol=17 | dir=in | app=d:\programme\utorrent\utorrent.exe | 
"{082F98A3-FE82-44AB-BE46-0BC00D3474A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{120AA13D-D89A-4EE4-B3CE-6DD9CB5DF2AC}" = protocol=17 | dir=in | app=d:\programme\avgdiagex.exe | 
"{16A25ED9-93E1-4D7A-B3D2-9B0DEACDCF8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D91B076-9096-4A95-BEE1-B99AA1C1F00E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{231CB4B4-F10B-4D26-9449-5EA8653C736E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2B72E203-161A-4EEE-BE41-21C7B41D98F0}" = protocol=6 | dir=in | app=d:\programme\icq7m\icq.exe | 
"{31DB911D-A6F4-448D-925B-DC526742F157}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37558E0F-7AE3-4719-9E5D-013028604D11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{38027152-DFB2-4944-A54E-71A15947EFAC}" = protocol=17 | dir=in | app=d:\programme\avgemca.exe | 
"{4F213661-9686-4A5B-93F8-9C43115701AA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{514144FE-0752-4BFC-A4B9-E463561BEE63}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5674EA53-CD30-4E1E-9372-3CA183D10543}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{65320F38-FF63-409C-ADA9-DB0A5E589D8D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{699DA52D-A6FA-4888-8A5E-60A0C6E13B96}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6BD4B56A-7D32-4EF3-8B07-76DB983DE514}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C89F141-37B8-44B0-945A-1D2AFF0A239F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6F884089-201B-476C-AFA0-DE1B0F2446B9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7F928805-8189-4D3E-BCC4-EFD62D02D187}" = protocol=6 | dir=in | app=d:\programme\utorrent\utorrent.exe | 
"{82EC3FF7-B695-4BCF-8486-3518DC8FBCD4}" = protocol=17 | dir=in | app=d:\programme\avgmfapx.exe | 
"{8CEB7394-CF74-407A-93FB-1E2391126F7B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FA79CDD-6797-46D8-9941-5F4893EFF227}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{94F5BD5C-8CED-412D-A186-C5103C01246C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9E86613B-70F8-41FD-9A87-14D03E9A13A8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A0BC9DF9-C2FD-4AE8-AC88-B02A6C9463AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A1EE23A1-E868-4BE6-ADB4-BEE2438BD765}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD42A6B6-5000-4088-8083-5713CB0A7FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{AD7DF845-9FB4-4223-8C82-145A3FB34A03}" = protocol=6 | dir=in | app=d:\programme\avgdiagex.exe | 
"{AE0B72FD-53E6-4BB6-85EC-E4240C3F8ED0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AF02C25C-1C8E-487E-8786-232E15687A6F}" = protocol=6 | dir=in | app=d:\programme\avgmfapx.exe | 
"{B2EE2BF1-0BEE-482F-8DD2-15FCADE220BC}" = protocol=6 | dir=in | app=d:\programme\icq7m\icq.exe | 
"{BA5F4AD5-C0CF-4DE8-A9C8-3E67597A0B11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BC5C2332-AB4E-4478-B2A6-790F7BB4C0E0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C3D2B513-0ACF-4DB4-9636-9DC506ABC3C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CF137CDC-6EEF-4D98-A528-25E459C5C127}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D2B0BD37-BD88-46E0-B0CB-F1A06F1E3E99}" = protocol=6 | dir=in | app=d:\programme\avgemca.exe | 
"{D52E78AE-1795-48BE-8638-C5850324212C}" = protocol=6 | dir=in | app=d:\programme\icq7m\icq.exe | 
"{E0D5C3AE-EBB7-4158-AC0D-3B72DDCD8888}" = protocol=6 | dir=in | app=d:\programme\avgnsa.exe | 
"{E57E7D63-834A-4017-89DE-CA097EE963F1}" = protocol=17 | dir=in | app=c:\users\philip\appdata\local\akamai\netsession_win.exe | 
"{E64AC5B8-BE76-4706-9CD1-4929D4A9C8F8}" = protocol=6 | dir=out | app=system | 
"{EE8B1D6E-2334-4900-BDC4-DF3D7C110717}" = protocol=17 | dir=in | app=d:\programme\icq7m\icq.exe | 
"{EF19F510-AB12-4F93-BD7B-87738C2A9E53}" = protocol=6 | dir=in | app=c:\users\philip\appdata\local\akamai\netsession_win.exe | 
"{FDB8A077-451C-4754-BB83-2A2B9B3FF84A}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{FED7B4BC-A32F-4489-85EB-C97FE70DF934}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FEF9112B-D790-4B56-AAB4-C6253B183C5E}" = protocol=17 | dir=in | app=d:\programme\icq7m\icq.exe | 
"TCP Query User{B2DE2DF1-B487-4777-9F44-7ABF2C3E8D24}D:\programme\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=d:\programme\atube catcher 2.0\yct.exe | 
"TCP Query User{E92C06E0-2024-44B5-AEEA-4C7EA0800B86}C:\users\philip\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=6 | dir=in | app=c:\users\philip\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe | 
"UDP Query User{CFE5F815-713C-45F5-A146-7483D3AD1E18}C:\users\philip\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=17 | dir=in | app=c:\users\philip\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe | 
"UDP Query User{D558B0AB-8438-4922-9F0E-3A91496833BE}D:\programme\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=d:\programme\atube catcher 2.0\yct.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{222400DE-7E85-7599-2BFA-AE99BFA904EC}" = AMD Fuel
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{59D4C823-ABAC-4E3D-B624-C3678B873227}" = BitDefender TrafficLight
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"BitDefender TrafficLight" = BitDefender TrafficLight
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TS3 Overlay" = TS3 Overlay
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{39EA37CE-FC7F-4FF0-AC3F-F72E00A13727}" = resonance
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7F2A7122-0366-4862-BC2B-A10E5A5F5BEA}" = ProjektOsrik
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B354FB16-3027-47AF-AF3F-7AD1209B886E}" = GlobalDK
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Akamai" = Akamai NetSession Interface
"aTube Catcher" = aTube Catcher
"avast" = avast! Internet Security
"Characterizer_is1" = Charecterizer 1.0
"EdenEternal-DE" = EdenEternal-DE
"Google Chrome" = Google Chrome
"GTL" = Gametree Launcher
"Guard.Mail.ru" = Guard.ICQ
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Opera 11.64.1403" = Opera 11.64
"RealPlayer 15.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"SysInfo" = Creative Systeminformationen
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Akamai" = Akamai NetSession Interface
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Edited by Akasha2012 (31.05.2012 at 11:25)

01.06.2012, 15:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Suspected unknown virus!



First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         