|
Log-Analyse und Auswertung: Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeckWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
12.06.2012, 20:09 | #1 | ||
| Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeck Hallo, bei einem Standard-Scan ohne vorherige Meldung meines Virenscanner (AVIRA Premium) habe ich 2-3 mögliche Viren entdeckt. So bin ich vorgegangen: Trotz AVIRA Firewall/Virenscanner scanne ich alle paar Monate mit OnlineVirenScannern noch einmal "Quer". Am Anfang des Jahres wurde nichts entdeckt. Gestern Abend scannte ich meinen Rechner mit den OnlineScannern von eset & von Bitdefender. Ich weiß gar nicht mehr genau Welcher von Beiden, aber ich glaube der Bitdefender hat dann alte Java Versionen bemängelt. Nicht bemängelt hat er eine Exe Datei, die aber dann während des Scans wiederrum von AVIRA bemängelt wurde (ich weiß ) aber ich hoffe ich konnte es richtig erklären... Meine Frage nun: Kann ich verifizieren oder erkennen ob nun jemals was auf meinem Comp. gelaufen ist oder muss ich nun davon ausgehen, das eine Malware/ ein Trojaner aktiv war? MalwareBytes habe ich schon probiert findet nichts. Derzeit haben ich diese Logs: bitdefender? Zitat:
AVIRA Zitat:
Danke schon einmal für jeden, der sich des Themas annimmt. Viele Grüsse Christian |
13.06.2012, 22:09 | #2 | |||
/// Helfer-Team | Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeck Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade dir von hier -> TrendMicro™ HijackThis™/Version 2.0.4 herunter Zitat:
Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
14.06.2012, 08:10 | #3 |
| Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeck Hallo,
__________________vielen Dank für die Unterstützung Kira. Als Update: Die Kaspersky Rettungs CD lies ich gestern Nacht laufen "und hat auch nichts gefunden" (vl. hilft die das weiter ) HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:27:39, on 14.06.2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe C:\Program Files (x86)\ThreatFire\TFService.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\FreePDF_XP\fpassist.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\ThreatFire\TFTray.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\sgskies\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\ThreatFire\TFUN.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = xxxcompanyip bei vpn einwahlxxx R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: 109XXXXXX wXXXXdurch mich hinzugefügtXXXX O1 - Hosts: 109XXXXXX XXXXdurch mich hinzugefügtXXXX O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O2 - BHO: PAYBACK Toolbar Browserhilfsobjekt - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: PAYBACK Toolbar - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KiesTrayAgent] C:\sgskies\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Google Update] "C:\Users\christian\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [KiesHelper] C:\sgskies\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = christian\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ? O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - hxxp://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://secure.siegenia-aubi.com/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Browser Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\ThreatFire\TFService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15468 bytes [/CODE] OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.06.2012 08:31:07 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 58,59% Memory free 8,63 Gb Paging File | 6,37 Gb Available in Paging File | 73,81% Paging File free Paging file location(s): c:\pagefile.sys 5000 6000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 141,74 Gb Total Space | 27,22 Gb Free Space | 19,20% Space Free | Partition Type: NTFS Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32 Computer Name: PCNAME | User Name: NAME | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\sgskies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Users\christian\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll () MOD - C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL () MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) Logitech Webcam Pro 9000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools) DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools) DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (GigasetGenericUSB_x64) -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys (Siemens Home and Office Communication Devices GmbH & Co. KG) DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\drivers\PSDVdisk.sys (Egis Incorporated) DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\drivers\PSDNServ.sys (Egis Incorporated) DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\drivers\psdfilter.sys (Egis Incorporated) DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation) DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation) DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation) DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation) DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation) DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation) DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 191.1.XXXX:8080 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.10 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.5.5 FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.3 FF - prefs.js..extensions.enabledItems: {66B2CEAE-80B4-46b0-8E4D-586721E5C1FA}:1.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - prefs.js..network.proxy.backup.ftp: "191.1.XXXXX" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "191.1.XXXXX" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "191.1.XXXXX" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "191.1.XXXXX" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "191.1.XXXXX" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "191.1.XXXXX" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "191.1.1.50" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,XXanet,dokXXXXX" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "191.1.XXXXX" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "191.1.XXXXX" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.26 22:48:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 22:06:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 23:41:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions [2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.12 08:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions [2012.04.11 09:10:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2010.12.29 18:47:32 | 000,000,000 | ---D | M] (FoxGuide) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{66B2CEAE-80B4-46b0-8E4D-586721E5C1FA} [2012.06.12 08:13:54 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.06.03 23:49:03 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.04.26 22:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.09 10:04:59 | 000,009,489 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\{E6C93316-271E-4B3D-8D7E-FE11B4350AEB}.XPI [2012.05.17 20:26:01 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.04.26 22:48:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.27 20:35:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.01.26 10:52:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.26 10:52:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AT_ChloeV4 = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pillplnpmfjckedkedpaoembffbpklnf\2_0\ CHR - Extension: Google Mail = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.14 08:27:38 | 000,000,085 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 109.237.XXXX xxxxwerbung.de O1 - Hosts: 109.237.XXXX xxxxxgraesxxxe O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [KiesTrayAgent] C:\sgskies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O4 - HKCU..\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun File not found O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [KiesHelper] C:\sgskies\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.siegenia-aubi.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{006F36B7-495D-459B-B7E7-10E559DB48D4}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.02.12 21:53:42 | 000,000,277 | R--- | M] () - L:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008.11.03 14:30:00 | 000,000,043 | ---- | M] () - M:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.06.14 08:23:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2012.06.14 07:57:27 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.06.14 07:57:27 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.06.13 07:41:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.13 07:41:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 07:41:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 07:41:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 07:41:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 07:41:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 07:41:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.13 07:41:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.13 07:41:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.13 07:41:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.13 07:41:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.13 07:41:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 07:41:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 07:39:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 07:39:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 07:39:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 07:39:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 07:39:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 07:39:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 07:39:13 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 07:38:31 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 07:38:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.12 08:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.06.12 08:14:10 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\QuickScan [2012.06.12 07:52:21 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys [2012.06.12 07:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security [2012.06.12 07:30:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.06.12 07:30:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.06.12 07:30:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.06.12 07:30:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.06.12 07:30:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.06.12 07:30:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.06.12 07:30:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.06.12 07:30:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.06.12 07:30:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.06.12 07:30:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.06.12 07:30:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.06.12 07:30:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.06.12 07:30:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.06.12 07:30:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.06.12 07:30:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.06.12 07:30:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012.06.12 07:30:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.06.12 07:30:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.06.12 07:30:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.06.12 07:30:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.06.12 07:30:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.06.12 07:30:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.06.12 07:30:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.06.12 07:30:15 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.06.12 07:30:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.06.12 07:30:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.06.12 07:30:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.06.12 07:30:14 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.06.12 07:30:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.06.12 07:30:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.06.12 07:30:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.06.12 07:30:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.06.12 07:30:14 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.06.12 07:30:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.06.12 07:30:14 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.06.12 07:30:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.06.12 07:30:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.06.12 07:30:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.06.12 07:30:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.06.12 07:30:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.06.12 07:30:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.06.12 07:30:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.06.12 07:30:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.06.12 07:30:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.06.12 07:30:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.06.12 07:30:13 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.06.12 07:30:13 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.06.12 07:30:13 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.06.12 07:30:13 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.06.12 07:30:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.06.12 07:30:13 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.06.12 07:30:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.06.12 07:30:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.06.12 07:30:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.06.12 07:30:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.06.12 07:30:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.06.12 07:30:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.06.12 07:30:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.12 07:30:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.06.11 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.05.28 14:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\fptffb [2012.05.28 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Kvisoft [2012.05.28 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kvisoft [2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\flippagemaker [2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF [2012.05.28 14:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Flip Book - freeware [2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF to Flip Book - freeware [2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\flipBook [2012.05.28 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Boxtools [2012.05.28 14:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlipPDF to Flash (freeware) [2012.05.28 14:18:35 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\gpdf2swf [2012.05.28 14:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf2swf [2012.05.28 14:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWFTools [2012.05.26 09:46:47 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Installer6972 [2012.05.20 14:15:18 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\FastStone [2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer [2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer [2012.05.20 14:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.05.18 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\XMedia Recode ========== Files - Modified Within 30 Days ========== [2012.06.14 08:27:38 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.14 08:25:39 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 08:25:39 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 08:25:29 | 000,002,995 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.lnk [2012.06.14 08:24:01 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000UA.job [2012.06.14 08:23:42 | 001,402,880 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.msi [2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2012.06.14 08:17:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.14 08:17:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.14 08:16:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.14 08:16:07 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys [2012.06.14 08:00:24 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 08:00:24 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 08:00:24 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 08:00:24 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 08:00:24 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 07:48:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.14 07:24:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.06.13 20:23:07 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000Core.job [2012.06.13 19:30:55 | 002,321,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 01:01:53 | 000,004,129 | ---- | M] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist [2012.06.12 07:30:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.06.12 07:30:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.06.12 07:30:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.06.12 07:30:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.06.12 07:30:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.06.12 07:30:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.06.12 07:30:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.06.12 07:30:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.06.12 07:30:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.06.12 07:30:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.06.12 07:30:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.06.12 07:30:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.06.12 07:30:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.06.12 07:30:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.06.12 07:30:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.06.12 07:30:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.12 07:30:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012.06.12 07:30:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.06.12 07:30:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.06.12 07:30:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.06.12 07:30:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.06.12 07:30:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.06.12 07:30:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.06.12 07:30:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.06.12 07:30:15 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.06.12 07:30:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.06.12 07:30:15 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.06.12 07:30:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.06.12 07:30:14 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.06.12 07:30:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.06.12 07:30:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.06.12 07:30:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.06.12 07:30:14 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.06.12 07:30:14 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.06.12 07:30:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.06.12 07:30:14 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.06.12 07:30:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.06.12 07:30:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.06.12 07:30:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.06.12 07:30:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.06.12 07:30:14 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.06.12 07:30:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.06.12 07:30:14 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.06.12 07:30:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.06.12 07:30:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.06.12 07:30:13 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.06.12 07:30:13 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.06.12 07:30:13 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.06.12 07:30:13 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.06.12 07:30:13 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.06.12 07:30:13 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.06.12 07:30:13 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.06.12 07:30:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.06.12 07:30:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.06.12 07:30:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.06.12 07:30:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.06.12 07:30:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.06.12 07:30:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.06.12 07:30:13 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.06.12 07:30:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.12 07:30:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.06.12 07:05:26 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 05:26:16 | 000,002,384 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk [2012.06.06 09:03:49 | 000,002,012 | -H-- | M] () -- C:\Users\christian\Documents\Default.rdp [2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.05.26 09:41:14 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Lexware büro easy.lnk [2012.05.26 09:40:07 | 000,001,055 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.26 09:39:45 | 000,001,031 | ---- | M] () -- C:\Users\christian\Desktop\Dropbox.lnk [2012.05.20 14:13:34 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk [2012.05.20 14:02:04 | 000,000,080 | ---- | M] () -- C:\Users\christian\Desktop\hosts [2012.05.18 16:30:10 | 000,000,044 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs [2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.05.18 03:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll ========== Files Created - No Company Name ========== [2012.06.14 08:25:29 | 000,002,995 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.lnk [2012.06.14 08:23:38 | 001,402,880 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.msi [2012.06.14 07:24:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.06.12 07:30:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.12 07:30:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.06.12 07:05:26 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.20 14:13:34 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk [2012.05.18 16:30:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\InstallationInfs [2012.04.12 15:33:00 | 006,157,872 | ---- | C] () -- C:\Program Files (x86)\tfbl.db4 [2012.04.12 15:32:55 | 000,603,580 | ---- | C] () -- C:\Program Files (x86)\tfwl.db5 [2012.04.12 15:32:55 | 000,047,812 | ---- | C] () -- C:\Program Files (x86)\Statistics.xml [2012.04.12 15:32:55 | 000,004,339 | ---- | C] () -- C:\Program Files (x86)\Blogs.htm [2012.04.11 08:18:46 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini [2012.04.11 08:18:46 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini [2012.04.11 08:18:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.04.11 08:16:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.02.10 12:15:16 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2012.02.10 12:14:02 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2012.02.10 12:11:48 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.02.10 12:11:30 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.22 20:14:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.10.06 23:01:46 | 000,000,036 | ---- | C] () -- C:\Users\christian\AppData\Local\housecall.guid.cache [2010.09.30 22:47:58 | 000,004,129 | ---- | C] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist [2010.09.21 19:52:15 | 000,007,617 | ---- | C] () -- C:\Users\christian\AppData\Local\Resmon.ResmonCfg [2010.08.31 20:23:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2010.08.01 19:20:11 | 000,011,776 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.21 22:09:26 | 000,000,600 | ---- | C] () -- C:\Users\christian\AppData\Local\PUTTY.RND [2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll < End of report > OTL EXTRAS OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.06.2012 08:31:07 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 58,59% Memory free 8,63 Gb Paging File | 6,37 Gb Available in Paging File | 73,81% Paging File free Paging file location(s): c:\pagefile.sys 5000 6000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 141,74 Gb Total Space | 27,22 Gb Free Space | 19,20% Space Free | Partition Type: NTFS Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32 Computer Name: MEINCOMPNAME | User Name: christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11BB73FF-798F-40DB-A1DB-8A07EDE78904}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2189C906-7B8C-402D-8DF2-24C0ADBC9568}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{47CA5C7B-AE68-4696-A984-0637FCAAD9A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{51F39388-F022-4C21-BB43-7FC2AE1AE4F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61C22ECB-9A8E-4E3A-AEB0-D6922A11AB80}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{6E0E4D0A-4250-4FD5-A226-CA3FC642DA24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{754F2325-4E56-4346-8ED3-8EBBC21C2BAF}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{A291A0FA-41D6-4688-B033-104E22DF9451}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8A7AB7D-ECD4-4D01-AB0D-44A74F81F283}" = rport=10243 | protocol=6 | dir=out | app=system | "{C61C8ED3-593B-4AB1-98A0-DDA266217725}" = lport=2869 | protocol=6 | dir=in | app=system | "{CACF043D-3E0F-4812-9993-C89AF0E2E4B6}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{D4C5D12D-522D-46CD-B77E-D514C1D79C1F}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{DD076F0E-D76B-45E6-8B21-8116BFDF056E}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02895136-2953-4AA3-91D9-5ABE8679C608}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{04318EAD-44D7-4673-97A3-850E7C31CFFE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{06310750-BC8F-466F-BD46-B00E790CB92D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | "{0C25CB91-000C-4CCD-ADE1-6ABDFB3F80E3}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{11E6FD0E-43D7-4602-AAF6-C3DA44C21421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1483C3B7-9A4C-4D2B-807A-BA5241E13C61}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{171FC6A2-88BE-428D-9B2E-E9D20FE16BB7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{24E8AC26-6B79-4BE3-A5E4-81A907CB2198}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2BF66F0A-B2AC-4D88-AC2E-738BC9874EFA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{2F95D6D5-0CBD-4DF9-A36F-35E971FA6020}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{39926324-1000-4A95-B5F2-89B7EBF27FF2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A632540-2024-4F80-8EDE-EC41525095DF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{50441755-6B61-4D46-8C42-178299A09876}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{50B26A08-DBD4-4CE8-861D-6C68BB38152F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{52CB2D54-2DAD-47EF-A5D1-2ED89DC49FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{562B8D58-C7BD-478C-AF21-8C9E1B1E41FF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{5C809487-561D-466B-9074-48EC8B535D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{5CDA88D4-177C-4ED6-9C5D-B75A0E14C08A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6416E59D-6A4F-4EED-8B59-907F1BD3A449}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{685FA085-8D5F-4ECD-B1C0-4063DE3BF2CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6D61298E-83F6-4CB3-AB73-80A28119AD00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7CFBF133-2DA0-4678-B03E-68AC77211389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{81287567-F451-42FD-94E3-C9B48E48C272}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{82B8E191-916E-4C9C-A71D-B0080812BF1E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{838E071C-3FAE-4C3A-B0EE-9CE5EC4A750A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{871B1655-6758-49BB-90A4-C07872CB5AD6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{897AF581-A425-4F43-A330-3FA82A58422E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{89B56BBC-C1F9-43E9-AA1D-1B63F2CE72E3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | "{8D015DFF-36A9-426D-BF9E-C1B9DB4E3A97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8E95CF50-C816-4867-BC09-C99F58815AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{8F317029-672D-4ED6-BC4D-518190288307}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9049EF3A-F1B5-431A-953C-087647B556CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{97206B30-C2A9-4EB7-9CC0-EC0C453AFF27}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A491E7AE-EDE6-4C48-9DC5-C08F7F651035}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{ACF6D1C6-796C-4CC6-9F71-9A8E59A4A0BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AF1D213D-5AC4-44CD-9CA8-326CE54DE968}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{BF0782E6-983C-4D2A-82F1-76F3B31D4983}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{CCE08ABF-AB11-4C8C-B155-007C20373CF4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | "{CE22AB43-7630-4AC5-965C-7DB5A9479142}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D0363F90-F40A-49C3-A784-1B4D03CADC1A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{D4A97559-5287-45A4-9E61-F023160578D8}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{D4F756F9-7538-40C4-9E5A-EEBB871497C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{D556BCB8-D64F-4903-A1DC-2F0C3233A270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC34362F-1768-4AE7-8EC7-1C704487F5BA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{DE018B22-F774-473E-80BB-DC1DAAA2AD63}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{E17FB817-9D85-4574-A049-1DDF3603D896}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{E2A36AE3-9D88-4272-BB12-A15BAECA97BF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E7B038DC-0881-40C9-82AB-97399B26F073}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{E8A071C8-9D9C-4A7B-BC61-FEE96653D199}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{EC71FA35-43A4-4197-B913-E0AD3B220269}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{ED5EE59D-5F6B-4C11-8D16-F98EB84B4EE4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{F5DB139F-ADFC-4631-B3B2-0AABD89F4B07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F862E470-0D86-4A38-BEEC-31B8DEA03937}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FBD9CA5A-756C-40FE-9D37-9DE2561DC37B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD82090E-71D4-4065-86F1-B75010396D1F}" = protocol=6 | dir=out | app=system | "TCP Query User{0F6885B1-4261-4327-9A0F-90D0AAAA3704}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{0FA38312-AFA6-4B91-A81E-52A8E84A12FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{18A14C63-BC6C-46AB-9668-44B0F694F800}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{38C73711-8557-4A7A-BC59-5E2697F9918D}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "TCP Query User{71D52A7B-A1AE-462D-B8FB-E473F03D315E}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{8A81B094-A79D-4206-A815-EF3A25895382}E:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=e:\wd discovery software\wd discovery.exe | "TCP Query User{970D6D71-56CC-4DE9-A293-D6059EB31B24}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "TCP Query User{A4ACBC05-E34E-4DEC-8F78-64A136D8A8E1}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "TCP Query User{BF0E2C38-9F2D-4B50-8DB1-FA4825C026F2}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | "UDP Query User{157BAB03-D439-4828-AD36-D2149C4CD4D1}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "UDP Query User{26930EC0-F54D-413A-A376-7118631638D3}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "UDP Query User{6B12DCCD-35A0-47CF-8E7F-608D6F39137C}E:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=e:\wd discovery software\wd discovery.exe | "UDP Query User{78A9CDE5-7A0A-4EB5-9A09-7BD5497839EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{8842D711-2F11-4F9A-A05B-F0BAF7196647}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{95FCF307-A24D-4451-9879-E3E05B7EFE66}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{C1879AD7-CF55-41C9-A5AF-0E226B7A93C5}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "UDP Query User{C1F06034-7F75-41C9-AA70-E5C7644E0016}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{F7CC42D6-06DC-4ABA-998C-01A9FC431512}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{239558A4-D19F-44CE-5546-3C6653306B27}" = AMD Drag and Drop Transcoding "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel "{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{a325d0b9-0b5e-4ad1-9c5f-e39aa43f8c9d}" = Gigaset QuickSync "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64) "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DCDC59E6-A428-D091-C5A2-AC15B54FEFF1}" = ATI AVIVO64 Codecs "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F7BBC6A1-A3C9-4745-BFFF-6BAA485D89C3}" = PG583_64_inf "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "C5AA3B5CB0B86D325AD6960FFC90ABB1076B8FA7" = Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.64.42) "CCleaner" = CCleaner "EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64) "NVIDIA Drivers" = NVIDIA Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-5 (x64) "WinRAR archiver" = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}" = Application Profiles "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}" = Lexware Abschreibungsrechner "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{41581163-87FB-4E8E-92C2-10366F8A3291}" = Lexware büro easy 2012 Vorteilsedition "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5880E4AC-88AC-AADB-0DCB-2A78093A8259}" = HydraVision "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9EFF1D7C-C4B0-4DEF-965C-261CB9604CD9}" = Lexware Elster "{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1 "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{CB21905F-BE58-4DC9-8FC1-6EE2EA210423}" = Lexware online banking "{CD82DA39-2F2D-433E-5CB7-1C17A8C50E77}" = Catalyst Control Center InstallProxy "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DA2A851C-6E2B-4677-9DA5-5ED9A3B227E2}" = Quake Live Internet Explorer Plugin "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen "AmoK Find More!" = AmoK Find More! 1.1 "Architektur Designer 2007_is1" = Architektur Designer 2007 "Avira AntiVir Desktop" = Avira Internet Security 2012 "Battlelog Web Plugins" = Battlelog Web Plugins "DirSync" = DirSync 2.93 "DVDFab 8 Qt_is1" = DVDFab 8.1.7.3 (01/04/2012) Qt "DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011) "EPSON Scanner" = EPSON Scan "Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch "ESET Online Scanner" = ESET Online Scanner v3 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "FileHippo.com" = FileHippo.com Update Checker "FileZilla Client" = FileZilla Client 3.5.3 "FreePDF_XP" = FreePDF (Remove only) "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "IMAPSize_is1" = IMAPSize 0.3.7 "Imgares_is1" = Imgares "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0 "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MediaCoder" = MediaCoder 0.7.3.4602 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "Origin" = Origin "PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.2 "PDF to Flip Book - freeware_is1" = PDF to Flip Book - freeware "PunkBusterSvc" = PunkBuster Services "Secunia PSI" = Secunia PSI (1.9.0.5004) "Sweet Home 3D_is1" = Sweet Home 3D version 2.3 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "The Regex Coach_is1" = The Regex Coach 0.9.2 "TreeSize Free_is1" = TreeSize Free V2.5 "VLC media player" = VLC media player 1.1.4 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "XMedia Recode" = XMedia Recode 2.2.6.8 "XMind" = XMind ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Juniper_Setup_Client" = Juniper Networks Setup Client "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.06.2012 02:24:28 | Computer Name = MEINCOMPNAME | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 13:31:30 | Computer Name = MEINCOMPNAME | Source = WinMgmt | ID = 10 Description = Error - 13.06.2012 13:51:47 | Computer Name = MEINCOMPNAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446, Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00035367 ID des fehlerhaften Prozesses: 0x1594 Startzeit der fehlerhaften Anwendung: 0x01cd498d2f74f78f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 71b6ab23-b580-11e1-861f-002268080226 Error - 13.06.2012 16:13:06 | Computer Name = MEINCOMPNAME | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.06.2012 16:13:06 | Computer Name = MEINCOMPNAME | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15476 Error - 13.06.2012 16:13:06 | Computer Name = MEINCOMPNAME | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15476 Error - 13.06.2012 17:21:11 | Computer Name = MEINCOMPNAME | Source = Application Hang | ID = 1002 Description = Programm QBW32.exe, Version 25.30.4.56 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1840 Startzeit: 01cd49a633314567 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe Berichts-ID: 9bb8f998-b59d-11e1-861f-002268080226 Error - 13.06.2012 17:25:00 | Computer Name = MEINCOMPNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 01:13:06 | Computer Name = MEINCOMPNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 01:53:22 | Computer Name = MEINCOMPNAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446, Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x082f08be ID des fehlerhaften Prozesses: 0x1860 Startzeit der fehlerhaften Anwendung: 0x01cd49ed67c6e0c5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3f9386c1-b5e5-11e1-8706-002268080226 Error - 14.06.2012 02:17:09 | Computer Name = MEINCOMPNAME | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 13.06.2012 13:31:19 | Computer Name = MEINCOMPNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 13.06.2012 17:22:29 | Computer Name = MEINCOMPNAME | Source = DCOM | ID = 10010 Description = Error - 13.06.2012 17:24:11 | Computer Name = MEINCOMPNAME | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 13.06.2012 17:24:51 | Computer Name = MEINCOMPNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 13.06.2012 17:50:44 | Computer Name = MEINCOMPNAME | Source = DCOM | ID = 10010 Description = Error - 14.06.2012 01:12:21 | Computer Name = MEINCOMPNAME | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 14.06.2012 01:12:57 | Computer Name = MEINCOMPNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 14.06.2012 02:07:00 | Computer Name = MEINCOMPNAME | Source = DCOM | ID = 10010 Description = Error - 14.06.2012 02:15:58 | Computer Name = MEINCOMPNAME | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 14.06.2012 02:17:03 | Computer Name = MEINCOMPNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd < End of report > [/CODE] CCLEANER Code:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 16.12.2010 4,53MB 9.20.00.0 ABBYY FineReader 6.0 Sprint ABBYY Software House 18.01.2010 119,5MB 6.00.1395.4512 Acer Arcade Live Main Page Acer Inc. 16.05.2011 1.1.2704 Acer DV Magician Acer Inc. 16.05.2011 1.5.2704 Acer DVDivine Acer Inc. 16.05.2011 3.2.2704 Acer eDataSecurity Management Egis Inc. 12.01.2009 69,3MB 3.0.3065 Acer Empowering Technology Acer Incorporated 27.04.2010 3.0.3016 Acer HomeMedia Acer Inc. 16.05.2011 1.5.1504 Acer HomeMedia Connect Acer Inc. 16.05.2011 1.4.6304 Acer HomeMedia Trial Creator Acer Inc. 16.05.2011 1.5.1504 Acer Product Registration Acer Incorporated 28.12.2009 3.0.0.10 Acer ScreenSaver Acer Incorporated 02.09.2009 4.01.0718 Acer SlideShow DVD Acer Inc. 16.05.2011 1.5.2704 Acer VideoMagician Acer Inc. 16.05.2011 1.4.2704 Adobe Color Common Settings Adobe Systems Incorporated 08.10.2010 9,20MB 1.0.1 Adobe Creative Suite 3 Adobe Systems Incorporated 30.08.2010 1.578MB 1.0 Adobe ExtendScript Toolkit 2 Adobe Systems Incorporated 25.05.2012 16,4MB 2.0.2 Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 04.05.2012 6,00MB 11.2.202.235 Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 04.05.2012 6,00MB 11.2.202.235 Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 14.06.2011 165,4MB 10.1.0 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 14.02.2011 11.5.9.620 AmoK Find More! 1.1 AmoK - The Art of Coding 03.10.2010 1.1 Apple Application Support Apple Inc. 04.01.2012 61,2MB 2.1.6 Apple Software Update Apple Inc. 04.01.2012 2,38MB 2.1.3.127 Application Profiles ATI Technologies, Inc. 28.05.2011 0,30MB 2.0.4148.33974 Architektur Designer 2007 zdynamix Informationstechnologie GmbH 10.06.2010 ATI Catalyst Install Manager ATI Technologies, Inc. 29.09.2011 22,4MB 3.0.833.0 Avanquest update Avanquest Software 08.04.2011 1.28 Avira Internet Security 2012 Avira 12.06.2012 109,4MB 12.0.0.1088 AVM FRITZ!fax für FRITZ!Box AVM Berlin 24.10.2011 Battlefield Play4Free EA Digital illusions 12.12.2010 Battlefield: Bad Company™ 2 Electronic Arts 02.12.2010 5.869MB 1.0.0.0 Battlelog Web Plugins EA Digital Illusions CE AB 29.09.2011 0.80.0 CCleaner Piriform 22.05.2012 3.19 DirSync 2.93 Stephen Kalisch 04.01.2011 DivX Converter DivX, Inc. 02.06.2010 7.1.0 Dropbox Dropbox, Inc. 25.05.2012 1.4.7 DVDFab 8.0.6.8 (05/01/2011) Fengtao Software Inc. 14.01.2011 37,6MB DVDFab 8.1.7.3 (01/04/2012) Qt Fengtao Software Inc. 03.04.2012 53,2MB Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 18.01.2010 2.1.0.0 Epson Event Manager SEIKO EPSON Corporation 27.04.2010 2.20.00 EPSON Scan 27.04.2010 Epson Stylus SX210_SX410_TX210_TX410 Handbuch 27.04.2010 EPSON SX210 Series Printer Uninstall SEIKO EPSON Corporation 02.06.2011 ESET Online Scanner v3 10.06.2012 FastStone Photo Resizer 3.1 FastStone Soft. 19.05.2012 3.1 FileHippo.com Update Checker 08.10.2010 FileZilla Client 3.5.3 FileZilla Project 27.01.2012 16,6MB 3.5.3 FreePDF (Remove only) 27.04.2010 Gigaset QuickSync Gigaset Communications GmbH 26.12.2011 7,73MB 7.1.0841.3 GoodSync Siber Systems 13.09.2011 9,77MB 8.7.8.8 Google Chrome Google Inc. 18.10.2010 19.0.1084.56 GPL Ghostscript 8.70 27.04.2010 HiJackThis Trend Micro 13.06.2012 0,36MB 1.0.0 ICQ7.2 ICQ 08.10.2010 7.2 IMAPSize 0.3.7 Broobles 11.04.2012 Imgares Konrad Papala 02.12.2011 IrfanView (remove only) Irfan Skiljan 08.04.2012 1,50MB 4.32 Juniper Networks Network Connect 6.4.0 Juniper Networks 27.04.2010 6.4.0.14619 Juniper Networks Setup Client Juniper Networks 08.02.2011 0,78MB 2.0.1.4429 Lexware Abschreibungsrechner Haufe-Lexware GmbH & Co.KG 26.03.2012 28,7MB 11.00.04.0001 Lexware büro easy 2012 Vorteilsedition Haufe-Lexware GmbH & Co.KG 25.05.2012 712MB 25.30.04.0056 Lexware Elster Haufe-Lexware GmbH & Co.KG 26.03.2012 82,8MB 12.03.00.0188 Lexware Info Service Haufe-Lexware GmbH & Co.KG 26.03.2012 15,8MB 2.80.00.0007 Lexware online banking Haufe-Lexware GmbH & Co.KG 26.03.2012 37,1MB 16.00.00.0001 Logitech Vid HD Logitech Inc.. 03.02.2011 7.2 (7240) Logitech Webcam Software Logitech Inc. 03.02.2011 2.0 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 11.06.2012 18,0MB 1.61.0.1400 MediaCoder 0.7.3.4602 Broad Intelligence 27.04.2010 0.7.3.4602 Mein CEWE FOTOBUCH 19.11.2011 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.01.2012 38,8MB 4.0.30320 Microsoft PowerPoint Viewer Microsoft Corporation 15.02.2012 192,2MB 14.0.6029.1000 Microsoft Reader 01.09.2010 Microsoft Silverlight Microsoft Corporation 19.05.2012 50,7MB 5.1.10411.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 08.10.2010 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 23.01.2012 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 0,29MB 8.0.56336 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 12.03.2011 0,60MB 8.0.61000 Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 15.04.2011 0,57MB 8.0.51011 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 15.04.2011 0,77MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 15.04.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 21.03.2010 3,74MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 29.10.2010 0,24MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 29.12.2009 0,76MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 17.06.2011 0,77MB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 21.03.2010 0,22MB 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 19.11.2011 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 26.02.2010 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.03.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 13.07.2011 15,1MB 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 30.09.2011 12,3MB 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package - SE (x64) Microsoft Corporation 24.11.2010 Microsoft Works Microsoft Corporation 08.10.2010 287MB 08.05.0822 Mozilla Firefox 12.0 (x86 en-US) Mozilla 25.04.2012 37,7MB 12.0 Mozilla Maintenance Service Mozilla 25.04.2012 0,21MB 12.0 Mozilla Thunderbird 12.0.1 (x86 en-US) Mozilla 30.04.2012 38,8MB 12.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 28.12.2009 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 28.12.2009 1,34MB 4.20.9876.0 MyPhoneExplorer F.J. Wechselberger 01.01.2012 1.8.2 Notepad++ 26.03.2012 6.0 NTI Backup Now 5 NewTech Infosystems 12.01.2009 29,4MB 5.1.2.616 NTI Media Maker 8 NewTech Infosystems 12.01.2009 206MB 8.0.2.6509 OpenOffice.org 3.2 OpenOffice.org 01.03.2011 380MB 3.2.9502 Origin Electronic Arts, Inc. 28.09.2011 8.2.5.2532 Panda ActiveScan 2.0 Panda Security 11.06.2012 3,91MB 01.04.01.0014 PAYBACK Toolbar 1.2 PAYBACK GmbH 08.06.2012 7,45MB 1.2.0 PDF to Flip Book - freeware flippdf Solution 27.05.2012 19,7MB PunkBuster Services Even Balance, Inc. 29.09.2011 0.991 Quake Live Internet Explorer Plugin id Software 18.01.2010 2,84MB 1.0.277 Quake Live Mozilla Plugin id Software 28.12.2009 2,82MB 1.0.277 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.04.2010 6.0.1.5888 RedMon - Redirection Port Monitor 27.04.2010 Safari Apple Inc. 04.01.2012 43,2MB 5.34.52.7 Samsung Kies Samsung Electronics Co., Ltd. 29.02.2012 219MB 2.2.0.12014_18 SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 01.01.2012 42,8MB 1.4.103.0 Samsung_MonSetup Samsung 28.08.2011 1.00.0000 Secunia PSI (1.9.0.5004) 10.11.2010 Skype™ 5.9 Skype Technologies S.A. 13.06.2012 19,3MB 5.9.123 SSH Secure Shell 20.07.2010 SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 eRightSoft 10.04.2012 52,6MB v2012.build.51 SUPERAntiSpyware SUPERAntiSpyware.com 10.09.2011 63,6MB 5.0.1108 Sweet Home 3D version 2.3 eTeks 15.05.2010 TeamSpeak 2 RC2 Dominating Bytes Design 27.04.2010 2.0.32.60 TeamSpeak 3 Client TeamSpeak Systems GmbH 29.10.2010 The Regex Coach 0.9.2 Dr. Edmund Weitz 06.09.2011 0.9.2 ThreatFire PC Tools 10.09.2011 TreeSize Free V2.5 JAM Software 14.12.2010 3,50MB 2.5 Upgrade Kit Acer Inc. 27.04.2010 1.00.4001 VLC media player 1.1.4 VideoLAN 08.10.2010 1.1.4 VMware vSphere Client 4.1 VMware, Inc. 04.01.2011 376MB 4.1.0.12319 VR-NetWorld 30.11.2011 Win7codecs Shark007 08.09.2010 60,1MB 2.6.2 Winamp Nullsoft, Inc 11.10.2010 5.581 Winamp Erkennungs-Plug-in Nullsoft, Inc 11.10.2010 75,00KB 1.0.0.1 Windows Live Anmelde-Assistent Microsoft Corporation 09.10.2010 1,94MB 5.000.817.1 Windows Live Essentials Microsoft Corporation 27.04.2010 14.0.8050.1202 Windows Live Sync Microsoft Corporation 12.01.2009 2,80MB 14.0.8050.1202 Windows Live-Uploadtool Microsoft Corporation 12.01.2009 0,22MB 14.0.8014.1029 Windows Media Player Firefox Plugin Microsoft Corp 25.05.2010 0,29MB 1.0.0.8 Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.64.42) YUAN High-Tech Development Co. Ltd. 27.04.2010 12/14/2007 6.1.64.42 WinHTTrack Website Copier 3.44-5 (x64) HTTrack 04.03.2012 3.44.5 WinRAR 4.00 (64-bit) win.rar GmbH 27.04.2011 4.00.0 XMedia Recode 2.2.6.8 Sebastian Dörfler 08.09.2010 2.2.6.8 XMind XMind Ltd. 19.01.2011 3.2.1 Geändert von Diakon (14.06.2012 um 08:15 Uhr) |
14.06.2012, 09:02 | #4 | |
/// Helfer-Team | Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeck Systemreinigung und Prüfung: 1. Hast Du absichtlich die IP so als Proxy eingestellt? Code:
ATTFilter IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 191.1.XXXX:8080 Deine eigenen Einstellungen, sofern Du welche vorgenommen hast?: Code:
ATTFilter FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - prefs.js..network.proxy.backup.ftp: "191.1.XXXXX" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "191.1.XXXXX" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "191.1.XXXXX" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "191.1.XXXXX" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "191.1.XXXXX" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "191.1.XXXXX" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "191.1.1.50" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,XXanet,dokXXXXX" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "191.1.XXXXX" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "191.1.XXXXX" FF - prefs.js..network.proxy.ssl_port: 8080 Hast du es denn in der Hosts selbst eingetragen bzw absichtlich zugefügt? Wenn ja, warum? Code:
ATTFilter O1 - Hosts: 109.237.XXXX xxxxwerbung.de O1 - Hosts: 109.237.XXXX xxxxxgraesxxxe Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten): HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen Code:
ATTFilter R3 - URLSearchHook: (no name) - - (no file) O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') Zitat:
Code:
ATTFilter :OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_m3201 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360DE360 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "http://start.icq.com/" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 [2012.06.14 08:24:01 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000UA.job [2012.06.14 08:17:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.14 07:48:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.13 20:23:07 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000Core.job :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
6. kann ich nicht zuordnen, um was handelt es sich dabei ?: Code:
ATTFilter [2012.05.28 14:18:35 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\gpdf2swf Javaversion nicht installiert? 8. Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!): -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Wie kann ich den Cache im Internet Explorer leeren? 9. reinige dein System mit CCleaner:
10. erneut einen Scan mit OTL:
11. poste erneut - nach der vorgenommenen Reinigungsaktion: TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (14.06.2012 um 09:08 Uhr) |
14.06.2012, 09:20 | #5 |
| Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeck Hi, bin aktuell nicht am Rechner; erst heute Abend wieder. Nichts desto trotz, schon einmal ein kleines Feedback! 1. Das ist dann der Firmen Proxy (wenn ich per VPN eingewählt bin) damit ich über den Surfen kann. Bei Bedarf aktiviere ich den Eintrag dann. In der Log habe ich die IP exta unkenntlich gemacht. 2. siehe oben alle XXX sind von mir, die Umgehungen sind eingetragen um auf Intranet und Dokumentenportal intern zu greifen zu können. 3. Ich Programmiere (viel) und wenn eine Internetseite umgestellt wird und die Router im Internet nicht schnell genug nach ziehen muss ich die Hosts eintragen. Dazu liegt eine Hostdatei auf meinem Desktop. Mit der Überschreibe ich durch administratives Kopieren die Original-Datei. in der Original-Datei waren noch nie einträge drinnen, die nicht durch mich da rein kamen (ich mache das ca. 1mal im Monat). 4. & 5. Mache ich heute Abend direkt wenn ich zu Hause bin 6. Eine PDF zu SWF Engine (siehe Punkt 3. Webprogrammierung) , diese brauch ich aber nicht mehr, war nur ein Test. EDIT : kam / kommt von hier: hxxp://www.swftools.org/ 7. JAVA hatte ich nach dem Virenfund direkt deinstalliert (zeurst cahes geleert via konsole dann deinstall), da ich den kram sowieso nie brauch/brauchte. Ich hatte 1.6.22 und 1.7 auf dem System. (sry !) 8. bis 11. heute abend Vielen lieben dank für die genommen Zeit. grüsse christian Log von OTL nach Reinigung Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000UA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-596608549-2719220304-2657583658-1000Core.job moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\christian\Desktop\cmd.bat deleted successfully. C:\Users\christian\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: christian ->Temp folder emptied: 229509394 bytes ->Temporary Internet Files folder emptied: 520141620 bytes ->FireFox cache emptied: 54632500 bytes ->Google Chrome cache emptied: 265631538 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 2860518 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: katja ->Temp folder emptied: 18631592 bytes ->Temporary Internet Files folder emptied: 83197435 bytes ->Java cache emptied: 25802292 bytes ->FireFox cache emptied: 42162206 bytes ->Flash cache emptied: 47409 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 201117534 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.377,00 mb OTL by OldTimer - Version 3.2.48.0 log created on 06142012_163806 Files\Folders moved on Reboot... C:\Users\christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.06.2012 17:05:43 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 50,81% Memory free 8,63 Gb Paging File | 6,48 Gb Available in Paging File | 75,09% Paging File free Paging file location(s): c:\pagefile.sys 5000 6000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 141,74 Gb Total Space | 28,89 Gb Free Space | 20,38% Space Free | Partition Type: NTFS Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32 Computer Name: PC0101 | User Name: christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.18 16:29:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.18 16:29:10 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.05.18 16:29:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.18 16:29:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.18 16:29:10 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.18 16:29:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.04.04 07:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\sgskies\Kies\KiesTrayAgent.exe PRC - [2012.03.21 21:18:53 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2011.09.30 00:19:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.05.07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe PRC - [2010.01.14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2009.08.26 01:11:06 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2008.12.04 14:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 16:54:31 | 000,115,137 | ---- | M] () -- C:\Users\christian\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll MOD - [2012.06.13 08:09:44 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.06.13 08:09:24 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.06.13 08:09:16 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.13 08:09:05 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.06.13 08:09:02 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.05.10 20:47:03 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.10 20:43:49 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 20:43:26 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.09 23:15:00 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.09 23:11:02 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.09 23:11:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.09 23:11:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.05.09 23:10:53 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.09 23:10:46 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.04.04 07:05:28 | 000,021,392 | ---- | M] () -- C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2008.12.03 15:05:26 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL MOD - [2008.11.26 11:56:02 | 000,057,344 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.07.08 05:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.18 16:29:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.18 16:29:10 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012.05.18 16:29:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.18 16:29:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.18 16:29:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.05 13:17:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.26 22:48:54 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.09.30 00:19:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.09.11 17:39:49 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.09 15:24:32 | 000,838,200 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2010.08.31 20:16:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.05.07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire) SRV - [2009.08.26 01:11:06 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2009.08.13 15:54:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2011.10.22 14:49:47 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.07.08 04:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.10 03:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC) DRV:64bit: - [2010.11.10 03:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2010.11.06 01:10:47 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri) DRV:64bit: - [2010.11.06 01:10:24 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2010.11.06 01:10:24 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.19 21:27:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.01.14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon) DRV:64bit: - [2010.01.14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon) DRV:64bit: - [2010.01.14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon) DRV:64bit: - [2009.11.04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2009.11.04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2009.11.04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk) DRV:64bit: - [2009.11.04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk) DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.08.26 00:43:18 | 000,034,600 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot) DRV:64bit: - [2009.06.24 12:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.04 01:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.02.20 19:09:18 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64) DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDVdisk.sys -- (psdvdisk) DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ) DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\psdfilter.sys -- (PSDFilter) DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV:64bit: - [2008.04.16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2008.04.02 06:40:18 | 000,215,568 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.09.30 10:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF A9 5B B7 3D 4A CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 191.1.1.51:8080 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.10 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.5.5 FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.3 FF - prefs.js..extensions.enabledItems: {66B2CEAE-80B4-46b0-8E4D-586721E5C1FA}:1.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - prefs.js..network.proxy.backup.ftp: "191.1.1.50" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "191.1.1.50" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "191.1.1.50" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "191.1.1.50" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "191.1.1.50" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "191.1.1.50" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "191.1.1.50" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,intranet,dokhk1-21.si-aubi.siegenia-aubi.com" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "191.1.1.50" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "191.1.1.50" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.26 22:48:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 22:06:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 23:41:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions [2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.12 08:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions [2012.04.11 09:10:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2010.12.29 18:47:32 | 000,000,000 | ---D | M] (FoxGuide) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{66B2CEAE-80B4-46b0-8E4D-586721E5C1FA} [2012.06.12 08:13:54 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.06.03 23:49:03 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.04.26 22:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.09 10:04:59 | 000,009,489 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\{E6C93316-271E-4B3D-8D7E-FE11B4350AEB}.XPI [2012.05.17 20:26:01 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.04.26 22:48:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.27 20:35:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.01.26 10:52:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.26 10:52:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AT_ChloeV4 = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pillplnpmfjckedkedpaoembffbpklnf\2_0\ CHR - Extension: Google Mail = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.14 08:27:38 | 000,000,085 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 109.237.137.53 www.rs-werbung.de O1 - Hosts: 109.237.137.53 www.kanalreinigung-graesel.de O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [KiesTrayAgent] C:\sgskies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [KiesHelper] C:\sgskies\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.siegenia-aubi.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{006F36B7-495D-459B-B7E7-10E559DB48D4}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.02.12 21:53:42 | 000,000,277 | R--- | M] () - L:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008.11.03 14:30:00 | 000,000,043 | ---- | M] () - M:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 16:38:06 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.06.14 08:23:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2012.06.14 07:57:27 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.06.14 07:57:27 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.06.13 07:41:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.13 07:41:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 07:41:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 07:41:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 07:41:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 07:41:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 07:41:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.13 07:41:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.13 07:41:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.13 07:41:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.13 07:41:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.13 07:41:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 07:41:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 07:39:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 07:39:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 07:39:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 07:39:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 07:39:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 07:39:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 07:39:13 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 07:38:31 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 07:38:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.12 08:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.06.12 08:14:10 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\QuickScan [2012.06.12 07:52:21 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys [2012.06.12 07:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security [2012.06.12 07:30:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.06.12 07:30:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.06.12 07:30:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.06.12 07:30:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.06.12 07:30:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.06.12 07:30:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.06.12 07:30:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.06.12 07:30:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.06.12 07:30:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.06.12 07:30:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.06.12 07:30:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.06.12 07:30:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.06.12 07:30:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.06.12 07:30:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.06.12 07:30:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.06.12 07:30:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012.06.12 07:30:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.06.12 07:30:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.06.12 07:30:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.06.12 07:30:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.06.12 07:30:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.06.12 07:30:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.06.12 07:30:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.06.12 07:30:15 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.06.12 07:30:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.06.12 07:30:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.06.12 07:30:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.06.12 07:30:14 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.06.12 07:30:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.06.12 07:30:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.06.12 07:30:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.06.12 07:30:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.06.12 07:30:14 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.06.12 07:30:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.06.12 07:30:14 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.06.12 07:30:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.06.12 07:30:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.06.12 07:30:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.06.12 07:30:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.06.12 07:30:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.06.12 07:30:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.06.12 07:30:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.06.12 07:30:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.06.12 07:30:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.06.12 07:30:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.06.12 07:30:13 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.06.12 07:30:13 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.06.12 07:30:13 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.06.12 07:30:13 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.06.12 07:30:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.06.12 07:30:13 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.06.12 07:30:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.06.12 07:30:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.06.12 07:30:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.06.12 07:30:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.06.12 07:30:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.06.12 07:30:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.06.12 07:30:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.12 07:30:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.06.11 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.05.28 14:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\fptffb [2012.05.28 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Kvisoft [2012.05.28 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kvisoft [2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\flippagemaker [2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF [2012.05.28 14:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Flip Book - freeware [2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF to Flip Book - freeware [2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\flipBook [2012.05.28 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Boxtools [2012.05.28 14:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlipPDF to Flash (freeware) [2012.05.28 14:18:35 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\gpdf2swf [2012.05.28 14:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf2swf [2012.05.28 14:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWFTools [2012.05.26 09:46:47 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Installer6972 [2012.05.20 14:15:18 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\FastStone [2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer [2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer [2012.05.20 14:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.05.18 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\XMedia Recode ========== Files - Modified Within 30 Days ========== [2012.06.14 17:17:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.14 17:10:25 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 17:10:25 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 17:02:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.14 17:02:07 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys [2012.06.14 09:00:50 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.06.14 08:27:38 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.14 08:25:29 | 000,002,995 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.lnk [2012.06.14 08:23:42 | 001,402,880 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.msi [2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2012.06.14 08:00:24 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 08:00:24 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 08:00:24 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 08:00:24 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 08:00:24 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 07:24:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.06.13 19:30:55 | 002,321,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 01:01:53 | 000,004,129 | ---- | M] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist [2012.06.12 07:30:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.06.12 07:30:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.06.12 07:30:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.06.12 07:30:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.06.12 07:30:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.06.12 07:30:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.06.12 07:30:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.06.12 07:30:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.06.12 07:30:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.06.12 07:30:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.06.12 07:30:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.06.12 07:30:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.06.12 07:30:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.06.12 07:30:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.06.12 07:30:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.06.12 07:30:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.12 07:30:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012.06.12 07:30:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.06.12 07:30:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.06.12 07:30:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.06.12 07:30:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.06.12 07:30:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.06.12 07:30:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.06.12 07:30:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.06.12 07:30:15 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.06.12 07:30:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.06.12 07:30:15 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.06.12 07:30:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.06.12 07:30:14 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.06.12 07:30:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.06.12 07:30:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.06.12 07:30:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.06.12 07:30:14 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.06.12 07:30:14 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.06.12 07:30:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.06.12 07:30:14 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.06.12 07:30:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.06.12 07:30:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.06.12 07:30:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.06.12 07:30:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.06.12 07:30:14 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.06.12 07:30:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.06.12 07:30:14 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.06.12 07:30:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.06.12 07:30:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.06.12 07:30:13 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.06.12 07:30:13 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.06.12 07:30:13 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.06.12 07:30:13 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.06.12 07:30:13 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.06.12 07:30:13 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.06.12 07:30:13 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.06.12 07:30:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.06.12 07:30:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.06.12 07:30:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.06.12 07:30:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.06.12 07:30:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.06.12 07:30:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.06.12 07:30:13 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.06.12 07:30:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.12 07:30:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.06.12 07:05:26 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 05:26:16 | 000,002,384 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk [2012.06.06 09:03:49 | 000,002,012 | -H-- | M] () -- C:\Users\christian\Documents\Default.rdp [2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.05.26 09:41:14 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Lexware büro easy.lnk [2012.05.26 09:40:07 | 000,001,055 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.26 09:39:45 | 000,001,031 | ---- | M] () -- C:\Users\christian\Desktop\Dropbox.lnk [2012.05.20 14:13:34 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk [2012.05.20 14:02:04 | 000,000,080 | ---- | M] () -- C:\Users\christian\Desktop\hosts [2012.05.18 16:30:10 | 000,000,044 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs [2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.05.18 03:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll ========== Files Created - No Company Name ========== [2012.06.14 08:25:29 | 000,002,995 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.lnk [2012.06.14 08:23:38 | 001,402,880 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.msi [2012.06.14 07:24:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.06.12 07:30:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.12 07:30:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.06.12 07:05:26 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.20 14:13:34 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk [2012.05.18 16:30:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\InstallationInfs [2012.04.12 15:33:00 | 006,157,872 | ---- | C] () -- C:\Program Files (x86)\tfbl.db4 [2012.04.12 15:32:55 | 000,603,580 | ---- | C] () -- C:\Program Files (x86)\tfwl.db5 [2012.04.12 15:32:55 | 000,047,812 | ---- | C] () -- C:\Program Files (x86)\Statistics.xml [2012.04.12 15:32:55 | 000,004,339 | ---- | C] () -- C:\Program Files (x86)\Blogs.htm [2012.04.11 08:18:46 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini [2012.04.11 08:18:46 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini [2012.04.11 08:18:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.04.11 08:16:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.02.10 12:15:16 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2012.02.10 12:14:02 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2012.02.10 12:11:48 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.02.10 12:11:30 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.22 20:14:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.10.06 23:01:46 | 000,000,036 | ---- | C] () -- C:\Users\christian\AppData\Local\housecall.guid.cache [2010.09.30 22:47:58 | 000,004,129 | ---- | C] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist [2010.09.21 19:52:15 | 000,007,617 | ---- | C] () -- C:\Users\christian\AppData\Local\Resmon.ResmonCfg [2010.08.31 20:23:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2010.08.01 19:20:11 | 000,011,776 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.21 22:09:26 | 000,000,600 | ---- | C] () -- C:\Users\christian\AppData\Local\PUTTY.RND [2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll ========== LOP Check ========== [2011.05.17 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acer Arcade Live [2010.04.28 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acer GameZone Console [2010.04.28 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Artisteer [2010.06.10 21:40:19 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ASCON Installer [2010.06.10 21:42:30 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ASCON Programme [2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Broad Intelligence [2010.10.21 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Bytescout SWF To Video Scout [2011.07.23 13:46:36 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\DAEMON Tools Lite [2012.06.14 17:03:58 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Dropbox [2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Epson [2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\eSobi [2012.06.13 23:19:16 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FileZilla [2011.10.25 01:21:02 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FRITZ! [2011.10.25 01:16:06 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.03.18 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\GoodSync [2012.05.28 14:46:48 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\gpdf2swf [2010.08.28 11:21:13 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\gtk-2.0 [2012.05.21 08:48:26 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ICQ [2012.04.09 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\IrfanView [2010.12.15 07:54:36 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\JAM Software [2010.04.28 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Juniper Networks [2011.02.04 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Leadertech [2012.03.27 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Lexware [2012.01.18 09:49:20 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\MyPhoneExplorer [2012.03.27 23:11:56 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Notepad++ [2011.03.02 22:33:11 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\OpenOffice.org [2011.09.29 23:39:29 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Origin [2011.05.17 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\PowerCinema [2012.06.12 08:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\QuickScan [2012.03.01 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Samsung [2011.04.09 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Sony [2010.04.28 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\springlobby [2010.04.28 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\springsettings [2012.02.16 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TeamViewer [2012.04.09 17:56:56 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Temp [2010.08.15 00:30:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Thunderbird [2010.09.30 22:41:33 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\timeEdition [2011.07.23 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TS3Client [2010.12.30 11:30:16 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\WD [2010.09.09 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Win7codecs [2012.05.18 09:26:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\XMedia Recode [2012.06.03 11:37:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > [/CODE] EXTRAS OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.06.2012 17:05:43 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 50,81% Memory free 8,63 Gb Paging File | 6,48 Gb Available in Paging File | 75,09% Paging File free Paging file location(s): c:\pagefile.sys 5000 6000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 141,74 Gb Total Space | 28,89 Gb Free Space | 20,38% Space Free | Partition Type: NTFS Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32 Computer Name: PCNAME | User Name: christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11BB73FF-798F-40DB-A1DB-8A07EDE78904}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2189C906-7B8C-402D-8DF2-24C0ADBC9568}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{47CA5C7B-AE68-4696-A984-0637FCAAD9A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{51F39388-F022-4C21-BB43-7FC2AE1AE4F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61C22ECB-9A8E-4E3A-AEB0-D6922A11AB80}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{6E0E4D0A-4250-4FD5-A226-CA3FC642DA24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{754F2325-4E56-4346-8ED3-8EBBC21C2BAF}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{A291A0FA-41D6-4688-B033-104E22DF9451}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8A7AB7D-ECD4-4D01-AB0D-44A74F81F283}" = rport=10243 | protocol=6 | dir=out | app=system | "{C61C8ED3-593B-4AB1-98A0-DDA266217725}" = lport=2869 | protocol=6 | dir=in | app=system | "{CACF043D-3E0F-4812-9993-C89AF0E2E4B6}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{D4C5D12D-522D-46CD-B77E-D514C1D79C1F}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{DD076F0E-D76B-45E6-8B21-8116BFDF056E}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02895136-2953-4AA3-91D9-5ABE8679C608}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{04318EAD-44D7-4673-97A3-850E7C31CFFE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{06310750-BC8F-466F-BD46-B00E790CB92D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | "{0C25CB91-000C-4CCD-ADE1-6ABDFB3F80E3}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{11E6FD0E-43D7-4602-AAF6-C3DA44C21421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1483C3B7-9A4C-4D2B-807A-BA5241E13C61}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{171FC6A2-88BE-428D-9B2E-E9D20FE16BB7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{24E8AC26-6B79-4BE3-A5E4-81A907CB2198}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2BF66F0A-B2AC-4D88-AC2E-738BC9874EFA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{2F95D6D5-0CBD-4DF9-A36F-35E971FA6020}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{39926324-1000-4A95-B5F2-89B7EBF27FF2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A632540-2024-4F80-8EDE-EC41525095DF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{50441755-6B61-4D46-8C42-178299A09876}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{50B26A08-DBD4-4CE8-861D-6C68BB38152F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{52CB2D54-2DAD-47EF-A5D1-2ED89DC49FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{562B8D58-C7BD-478C-AF21-8C9E1B1E41FF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{5C809487-561D-466B-9074-48EC8B535D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{5CDA88D4-177C-4ED6-9C5D-B75A0E14C08A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6416E59D-6A4F-4EED-8B59-907F1BD3A449}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{685FA085-8D5F-4ECD-B1C0-4063DE3BF2CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6D61298E-83F6-4CB3-AB73-80A28119AD00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7CFBF133-2DA0-4678-B03E-68AC77211389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{81287567-F451-42FD-94E3-C9B48E48C272}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{82B8E191-916E-4C9C-A71D-B0080812BF1E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{838E071C-3FAE-4C3A-B0EE-9CE5EC4A750A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{871B1655-6758-49BB-90A4-C07872CB5AD6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{897AF581-A425-4F43-A330-3FA82A58422E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{89B56BBC-C1F9-43E9-AA1D-1B63F2CE72E3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | "{8D015DFF-36A9-426D-BF9E-C1B9DB4E3A97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8E95CF50-C816-4867-BC09-C99F58815AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{8F317029-672D-4ED6-BC4D-518190288307}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9049EF3A-F1B5-431A-953C-087647B556CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{97206B30-C2A9-4EB7-9CC0-EC0C453AFF27}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A491E7AE-EDE6-4C48-9DC5-C08F7F651035}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{ACF6D1C6-796C-4CC6-9F71-9A8E59A4A0BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AF1D213D-5AC4-44CD-9CA8-326CE54DE968}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{BF0782E6-983C-4D2A-82F1-76F3B31D4983}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{CCE08ABF-AB11-4C8C-B155-007C20373CF4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | "{CE22AB43-7630-4AC5-965C-7DB5A9479142}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D0363F90-F40A-49C3-A784-1B4D03CADC1A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{D4A97559-5287-45A4-9E61-F023160578D8}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{D4F756F9-7538-40C4-9E5A-EEBB871497C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{D556BCB8-D64F-4903-A1DC-2F0C3233A270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC34362F-1768-4AE7-8EC7-1C704487F5BA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{DE018B22-F774-473E-80BB-DC1DAAA2AD63}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{E17FB817-9D85-4574-A049-1DDF3603D896}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{E2A36AE3-9D88-4272-BB12-A15BAECA97BF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E7B038DC-0881-40C9-82AB-97399B26F073}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{E8A071C8-9D9C-4A7B-BC61-FEE96653D199}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{EC71FA35-43A4-4197-B913-E0AD3B220269}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{ED5EE59D-5F6B-4C11-8D16-F98EB84B4EE4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{F5DB139F-ADFC-4631-B3B2-0AABD89F4B07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F862E470-0D86-4A38-BEEC-31B8DEA03937}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FBD9CA5A-756C-40FE-9D37-9DE2561DC37B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD82090E-71D4-4065-86F1-B75010396D1F}" = protocol=6 | dir=out | app=system | "TCP Query User{0F6885B1-4261-4327-9A0F-90D0AAAA3704}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{0FA38312-AFA6-4B91-A81E-52A8E84A12FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{18A14C63-BC6C-46AB-9668-44B0F694F800}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{38C73711-8557-4A7A-BC59-5E2697F9918D}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "TCP Query User{71D52A7B-A1AE-462D-B8FB-E473F03D315E}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{8A81B094-A79D-4206-A815-EF3A25895382}E:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=e:\wd discovery software\wd discovery.exe | "TCP Query User{970D6D71-56CC-4DE9-A293-D6059EB31B24}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "TCP Query User{A4ACBC05-E34E-4DEC-8F78-64A136D8A8E1}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "TCP Query User{BF0E2C38-9F2D-4B50-8DB1-FA4825C026F2}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | "UDP Query User{157BAB03-D439-4828-AD36-D2149C4CD4D1}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "UDP Query User{26930EC0-F54D-413A-A376-7118631638D3}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "UDP Query User{6B12DCCD-35A0-47CF-8E7F-608D6F39137C}E:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=e:\wd discovery software\wd discovery.exe | "UDP Query User{78A9CDE5-7A0A-4EB5-9A09-7BD5497839EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{8842D711-2F11-4F9A-A05B-F0BAF7196647}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{95FCF307-A24D-4451-9879-E3E05B7EFE66}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{C1879AD7-CF55-41C9-A5AF-0E226B7A93C5}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "UDP Query User{C1F06034-7F75-41C9-AA70-E5C7644E0016}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{F7CC42D6-06DC-4ABA-998C-01A9FC431512}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{239558A4-D19F-44CE-5546-3C6653306B27}" = AMD Drag and Drop Transcoding "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel "{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{a325d0b9-0b5e-4ad1-9c5f-e39aa43f8c9d}" = Gigaset QuickSync "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64) "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DCDC59E6-A428-D091-C5A2-AC15B54FEFF1}" = ATI AVIVO64 Codecs "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F7BBC6A1-A3C9-4745-BFFF-6BAA485D89C3}" = PG583_64_inf "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "C5AA3B5CB0B86D325AD6960FFC90ABB1076B8FA7" = Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.64.42) "CCleaner" = CCleaner "EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64) "NVIDIA Drivers" = NVIDIA Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-5 (x64) "WinRAR archiver" = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}" = Application Profiles "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}" = Lexware Abschreibungsrechner "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{41581163-87FB-4E8E-92C2-10366F8A3291}" = Lexware büro easy 2012 Vorteilsedition "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5880E4AC-88AC-AADB-0DCB-2A78093A8259}" = HydraVision "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9EFF1D7C-C4B0-4DEF-965C-261CB9604CD9}" = Lexware Elster "{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1 "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{CB21905F-BE58-4DC9-8FC1-6EE2EA210423}" = Lexware online banking "{CD82DA39-2F2D-433E-5CB7-1C17A8C50E77}" = Catalyst Control Center InstallProxy "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DA2A851C-6E2B-4677-9DA5-5ED9A3B227E2}" = Quake Live Internet Explorer Plugin "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen "AmoK Find More!" = AmoK Find More! 1.1 "Architektur Designer 2007_is1" = Architektur Designer 2007 "Avira AntiVir Desktop" = Avira Internet Security 2012 "Battlelog Web Plugins" = Battlelog Web Plugins "DirSync" = DirSync 2.93 "DVDFab 8 Qt_is1" = DVDFab 8.1.7.3 (01/04/2012) Qt "DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011) "EPSON Scanner" = EPSON Scan "Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch "ESET Online Scanner" = ESET Online Scanner v3 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "FileHippo.com" = FileHippo.com Update Checker "FileZilla Client" = FileZilla Client 3.5.3 "FreePDF_XP" = FreePDF (Remove only) "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "IMAPSize_is1" = IMAPSize 0.3.7 "Imgares_is1" = Imgares "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0 "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MediaCoder" = MediaCoder 0.7.3.4602 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "Origin" = Origin "PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.2 "PDF to Flip Book - freeware_is1" = PDF to Flip Book - freeware "PunkBusterSvc" = PunkBuster Services "Secunia PSI" = Secunia PSI (1.9.0.5004) "Sweet Home 3D_is1" = Sweet Home 3D version 2.3 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "The Regex Coach_is1" = The Regex Coach 0.9.2 "TreeSize Free_is1" = TreeSize Free V2.5 "VLC media player" = VLC media player 1.1.4 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "XMedia Recode" = XMedia Recode 2.2.6.8 "XMind" = XMind ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Juniper_Setup_Client" = Juniper Networks Setup Client "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.06.2012 16:13:06 | Computer Name = PCNAME | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15476 Error - 13.06.2012 16:13:06 | Computer Name = PCNAME | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15476 Error - 13.06.2012 17:21:11 | Computer Name = PCNAME | Source = Application Hang | ID = 1002 Description = Programm QBW32.exe, Version 25.30.4.56 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1840 Startzeit: 01cd49a633314567 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe Berichts-ID: 9bb8f998-b59d-11e1-861f-002268080226 Error - 13.06.2012 17:25:00 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 01:13:06 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 01:53:22 | Computer Name = PCNAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446, Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x082f08be ID des fehlerhaften Prozesses: 0x1860 Startzeit der fehlerhaften Anwendung: 0x01cd49ed67c6e0c5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3f9386c1-b5e5-11e1-8706-002268080226 Error - 14.06.2012 02:17:09 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 10:18:58 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 10:32:28 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 10:46:14 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 11:02:45 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 14.06.2012 10:31:36 | Computer Name = PCNAME | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 14.06.2012 10:32:19 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 14.06.2012 10:44:39 | Computer Name = PCNAME | Source = DCOM | ID = 10010 Description = Error - 14.06.2012 10:45:23 | Computer Name = PCNAME | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 14.06.2012 10:46:04 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 14.06.2012 11:01:08 | Computer Name = PCNAME | Source = DCOM | ID = 10010 Description = Error - 14.06.2012 11:01:58 | Computer Name = PCNAME | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 14.06.2012 11:02:37 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 14.06.2012 11:04:42 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error - 14.06.2012 11:04:42 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > hijacke Code:
ATTFilter HiJackthis Logfile: hiho, bin mit allem Anweisungen fertig. grüsse christian Geändert von Diakon (14.06.2012 um 09:36 Uhr) |
14.06.2012, 17:03 | #6 |
| Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeck Hi, das System fühlt sich nun sehr aufgeräumt an aber es öffnen nun seit dem Aufräumen immer 4 Tabs im IE? 1) MSN 2) leer 3) leer 1 UTF-Zeichen in der URL als Ascii stehen Beispiel: x--s9d 4) anderes zeichen so wie in 3) Kann ich doch einfach aus der reg. löschen oder? grüsse |
14.06.2012, 19:42 | #7 | |
/// Helfer-Team | Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeck 1. wozu wird benötigt?: PAYBACK Toolbar meiste Toolbars bzw Browserhelper wollen sich doch nur wichtig machen 2. Zitat:
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. :Files C:\Users\christian\AppData\Roaming\gpdf2swf ipconfig /flushdns /c :Commands [purity] [emptytemp]
3. ► Empfehlungen/Vorschläge: An deiner Stelle würde ich aus dem Autostart folgende Programme rausnehmen: Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.- Bei allem Häkchen weg was nicht starten soll. Die Programme bleiben dabei erhalten, falls man braucht, kann jederzeit manuell gestartet werden! Code:
ATTFilter Du solltest nie deaktivieren : Grafiktreibers Firewall Antivirenprogramm Sound um den Autostart von Windows XP zu verwalten:-> "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart ► Vista u. Win7: "Start -> Alle Programme-> Zubehör-> Ausführen" .. und gibst Du "msconfig" (ohne "") ein ->OK -> Systemstart-> Häckhen weg (Autostart-Einträge, die Du nicht findest, einfach mit HijackThis fixen: Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen Code:
ATTFilter O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [KiesTrayAgent] C:\sgskies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S248E.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [KiesHelper] C:\sgskies\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\sgskies\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) Für die aufgelisteten Programme gelten zusätzlich, dass man nach Aktualisierung (AfterUpdate) erneut unter Start und Dienste nachkontrollieren ggf erneut deaktivieren muss! 4. erneut einen Scan mit OTL:
das Problem besteht weiterhin?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
15.06.2012, 07:20 | #8 |
| Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeckCode:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found. ========== FILES ========== C:\Users\christian\AppData\Roaming\gpdf2swf folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\christian\Desktop\cmd.bat deleted successfully. C:\Users\christian\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: christian ->Temp folder emptied: 699077 bytes ->Temporary Internet Files folder emptied: 26128596 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 645 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: katja ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4404 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 26,00 mb OTL by OldTimer - Version 3.2.48.0 log created on 06152012_081208 Files\Folders moved on Reboot... C:\Users\christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Code:
ATTFilter OTL logfile created on: 15.06.2012 08:24:43 - Run 3 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,40% Memory free 8,63 Gb Paging File | 6,84 Gb Available in Paging File | 79,25% Paging File free Paging file location(s): c:\pagefile.sys 5000 6000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 141,74 Gb Total Space | 25,62 Gb Free Space | 18,07% Space Free | Partition Type: NTFS Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32 Computer Name: PCNAME | User Name: christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe PRC - [2012.06.05 09:57:08 | 000,243,256 | ---- | M] (PAYBACK GmbH) -- C:\Users\christian\AppData\LocalLow\PaybackToolbar32\bin\PaybackWorker_1_2_0\PaybackWorker.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.18 16:29:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.18 16:29:10 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.05.18 16:29:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.18 16:29:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.18 16:29:10 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.18 16:29:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.05 13:09:05 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.03.21 21:18:53 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\christian\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2011.09.30 00:19:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.05.07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe PRC - [2010.01.14 16:08:18 | 000,148,752 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFUN.exe PRC - [2010.01.14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe PRC - [2009.08.26 01:11:06 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 08:09:16 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.13 08:09:02 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.05.09 23:11:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.09 23:11:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.05.09 23:10:53 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.09 23:10:46 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.07.08 05:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.18 16:29:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.18 16:29:10 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012.05.18 16:29:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.18 16:29:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.18 16:29:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.05 13:17:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.26 22:48:54 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.09.30 00:19:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.09.11 17:39:49 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.09 15:24:32 | 000,838,200 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2010.08.31 20:16:18 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.05.07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire) SRV - [2009.08.26 01:11:06 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2009.08.13 15:54:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.07.01 10:38:18 | 000,270,422 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2011.10.22 14:49:47 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.07.08 06:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.07.08 04:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.10 03:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC) DRV:64bit: - [2010.11.10 03:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2010.11.06 01:10:47 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri) DRV:64bit: - [2010.11.06 01:10:24 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2010.11.06 01:10:24 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.19 21:27:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.01.14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon) DRV:64bit: - [2010.01.14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon) DRV:64bit: - [2010.01.14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon) DRV:64bit: - [2009.11.04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2009.11.04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2009.11.04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk) DRV:64bit: - [2009.11.04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk) DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.08.26 00:43:18 | 000,034,600 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot) DRV:64bit: - [2009.06.24 12:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.04 01:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.02.20 19:09:18 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64) DRV:64bit: - [2008.07.29 18:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDVdisk.sys -- (psdvdisk) DRV:64bit: - [2008.07.29 18:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ) DRV:64bit: - [2008.07.29 18:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\psdfilter.sys -- (PSDFilter) DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV:64bit: - [2008.04.16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2008.04.02 06:40:18 | 000,215,568 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.09.30 10:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 24 1C B4 BE 4A CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 191.1.1.51:8080 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.10 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.5.5 FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.3 FF - prefs.js..extensions.enabledItems: {66B2CEAE-80B4-46b0-8E4D-586721E5C1FA}:1.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - prefs.js..network.proxy.backup.ftp: "191.1.XX.XX" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "191.1.XX.XX" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "191.1.XX.XX" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "191.1.XX.XX" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "191.1.XX.XX" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "191.1.XX.XX" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "191.1.XX.XX" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1,intdddddt,doddddddom" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "191.1.XX.XX" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "191.1.XX.XX" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.26 22:48:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 22:06:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 23:41:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions [2010.08.15 00:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.12 08:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions [2012.04.11 09:10:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2010.12.29 18:47:32 | 000,000,000 | ---D | M] (FoxGuide) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{66B2CEAE-80B4-46b0-8E4D-586721E5C1FA} [2012.06.12 08:13:54 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.06.03 23:49:03 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\christian\AppData\Roaming\mozilla\Firefox\Profiles\8ioajhyt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.04.26 22:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.09 10:04:59 | 000,009,489 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\{E6C93316-271E-4B3D-8D7E-FE11B4350AEB}.XPI [2012.05.17 20:26:01 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8IOAJHYT.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.04.26 22:48:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.27 20:35:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.01.26 10:52:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.26 10:52:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\christian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AT_ChloeV4 = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pillplnpmfjckedkedpaoembffbpklnf\2_0\ CHR - Extension: Google Mail = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.14 08:27:38 | 000,000,085 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 1xxxxxxxx3 wxxxxxde O1 - Hosts: 1xxx3 wwxxxxx.de O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O4 - Startup: C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Program Files (x86)\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.siegenia-aubi.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{006F36B7-495D-459B-B7E7-10E559DB48D4}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.02.12 21:53:42 | 000,000,277 | R--- | M] () - L:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008.11.03 14:30:00 | 000,000,043 | ---- | M] () - M:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 16:38:06 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.06.14 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.06.14 08:23:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2012.06.14 07:57:27 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.06.14 07:57:27 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.06.14 07:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.06.13 07:41:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.13 07:41:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 07:41:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 07:41:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 07:41:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 07:41:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 07:41:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.13 07:41:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.13 07:41:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.13 07:41:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.13 07:41:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.13 07:41:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 07:41:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 07:39:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 07:39:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 07:39:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 07:39:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 07:39:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 07:39:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 07:39:13 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 07:38:31 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 07:38:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.12 08:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.06.12 08:14:10 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\QuickScan [2012.06.12 07:52:21 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys [2012.06.12 07:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security [2012.06.12 07:30:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.06.12 07:30:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.06.12 07:30:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.06.12 07:30:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.06.12 07:30:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.06.12 07:30:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.06.12 07:30:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.06.12 07:30:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.06.12 07:30:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.06.12 07:30:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.06.12 07:30:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.06.12 07:30:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.06.12 07:30:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.06.12 07:30:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.06.12 07:30:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.06.12 07:30:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012.06.12 07:30:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.06.12 07:30:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.06.12 07:30:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.06.12 07:30:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.06.12 07:30:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.06.12 07:30:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.06.12 07:30:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.06.12 07:30:15 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.06.12 07:30:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.06.12 07:30:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.06.12 07:30:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.06.12 07:30:14 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.06.12 07:30:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.06.12 07:30:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.06.12 07:30:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.06.12 07:30:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.06.12 07:30:14 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.06.12 07:30:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.06.12 07:30:14 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.06.12 07:30:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.06.12 07:30:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.06.12 07:30:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.06.12 07:30:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.06.12 07:30:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.06.12 07:30:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.06.12 07:30:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.06.12 07:30:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.06.12 07:30:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.06.12 07:30:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.06.12 07:30:13 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.06.12 07:30:13 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.06.12 07:30:13 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.06.12 07:30:13 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.06.12 07:30:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.06.12 07:30:13 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.06.12 07:30:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.06.12 07:30:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.06.12 07:30:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.06.12 07:30:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.06.12 07:30:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.06.12 07:30:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.06.12 07:30:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.12 07:30:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.06.11 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.05.28 14:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\fptffb [2012.05.28 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Kvisoft [2012.05.28 14:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kvisoft [2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\flippagemaker [2012.05.28 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF [2012.05.28 14:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Flip Book - freeware [2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF to Flip Book - freeware [2012.05.28 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\flipBook [2012.05.28 14:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Boxtools [2012.05.28 14:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlipPDF to Flash (freeware) [2012.05.28 14:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf2swf [2012.05.28 14:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWFTools [2012.05.26 09:46:47 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Installer6972 [2012.05.20 14:15:18 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\FastStone [2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer [2012.05.20 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer [2012.05.20 14:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.20 14:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.05.18 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\XMedia Recode ========== Files - Modified Within 30 Days ========== [2012.06.15 08:21:36 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.15 08:21:36 | 000,011,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.15 08:17:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.15 08:13:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.15 08:13:51 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys [2012.06.14 09:00:50 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.06.14 08:27:38 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.14 08:25:29 | 000,002,995 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.lnk [2012.06.14 08:23:42 | 001,402,880 | ---- | M] () -- C:\Users\christian\Desktop\HiJackThis.msi [2012.06.14 08:23:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2012.06.14 08:00:24 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 08:00:24 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 08:00:24 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 08:00:24 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 08:00:24 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 07:24:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.06.13 19:30:55 | 002,321,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 01:01:53 | 000,004,129 | ---- | M] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist [2012.06.12 07:30:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.06.12 07:30:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.06.12 07:30:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.06.12 07:30:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.06.12 07:30:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.06.12 07:30:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.06.12 07:30:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.06.12 07:30:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.06.12 07:30:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.06.12 07:30:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.06.12 07:30:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.06.12 07:30:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.06.12 07:30:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.06.12 07:30:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.06.12 07:30:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.06.12 07:30:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.12 07:30:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012.06.12 07:30:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.06.12 07:30:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.06.12 07:30:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.06.12 07:30:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.06.12 07:30:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.06.12 07:30:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.06.12 07:30:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.06.12 07:30:15 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.06.12 07:30:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.06.12 07:30:15 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.06.12 07:30:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.06.12 07:30:14 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.06.12 07:30:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.06.12 07:30:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.06.12 07:30:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.06.12 07:30:14 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.06.12 07:30:14 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.06.12 07:30:14 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.06.12 07:30:14 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.06.12 07:30:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.06.12 07:30:14 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.06.12 07:30:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.06.12 07:30:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.06.12 07:30:14 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.06.12 07:30:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.06.12 07:30:14 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.06.12 07:30:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.06.12 07:30:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.06.12 07:30:13 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.06.12 07:30:13 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.06.12 07:30:13 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.06.12 07:30:13 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.06.12 07:30:13 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.06.12 07:30:13 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.06.12 07:30:13 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.06.12 07:30:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.06.12 07:30:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.06.12 07:30:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.06.12 07:30:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.06.12 07:30:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.06.12 07:30:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.06.12 07:30:13 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.06.12 07:30:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.12 07:30:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.06.12 07:05:26 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 05:26:16 | 000,002,384 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk [2012.06.06 09:03:49 | 000,002,012 | -H-- | M] () -- C:\Users\christian\Documents\Default.rdp [2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.06.03 15:27:53 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.05.26 09:41:14 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Lexware büro easy.lnk [2012.05.26 09:40:07 | 000,001,055 | ---- | M] () -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.26 09:39:45 | 000,001,031 | ---- | M] () -- C:\Users\christian\Desktop\Dropbox.lnk [2012.05.20 14:13:34 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk [2012.05.20 14:02:04 | 000,000,080 | ---- | M] () -- C:\Users\christian\Desktop\hosts [2012.05.18 16:30:10 | 000,000,044 | ---- | M] () -- C:\Windows\SysNative\InstallationInfs [2012.05.18 16:29:13 | 000,139,360 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2012.05.18 16:29:13 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.18 16:29:13 | 000,114,128 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2012.05.18 16:29:13 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.05.18 03:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll ========== Files Created - No Company Name ========== [2012.06.14 08:25:29 | 000,002,995 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.lnk [2012.06.14 08:23:38 | 001,402,880 | ---- | C] () -- C:\Users\christian\Desktop\HiJackThis.msi [2012.06.14 07:24:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.06.12 07:30:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.06.12 07:30:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.06.12 07:05:26 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.20 14:13:34 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk [2012.05.18 16:30:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysNative\InstallationInfs [2012.04.12 15:33:00 | 006,157,872 | ---- | C] () -- C:\Program Files (x86)\tfbl.db4 [2012.04.12 15:32:55 | 000,603,580 | ---- | C] () -- C:\Program Files (x86)\tfwl.db5 [2012.04.12 15:32:55 | 000,047,812 | ---- | C] () -- C:\Program Files (x86)\Statistics.xml [2012.04.12 15:32:55 | 000,004,339 | ---- | C] () -- C:\Program Files (x86)\Blogs.htm [2012.04.11 08:18:46 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini [2012.04.11 08:18:46 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini [2012.04.11 08:18:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.04.11 08:16:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.02.10 12:15:16 | 000,202,240 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2012.02.10 12:14:02 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2012.02.10 12:11:48 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.02.10 12:11:30 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.22 20:14:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.10.06 23:01:46 | 000,000,036 | ---- | C] () -- C:\Users\christian\AppData\Local\housecall.guid.cache [2010.09.30 22:47:58 | 000,004,129 | ---- | C] () -- C:\Users\christian\AppData\Roaming\com.living-e.timeEdition.plist [2010.09.21 19:52:15 | 000,007,617 | ---- | C] () -- C:\Users\christian\AppData\Local\Resmon.ResmonCfg [2010.08.31 20:23:02 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2010.08.01 19:20:11 | 000,011,776 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.21 22:09:26 | 000,000,600 | ---- | C] () -- C:\Users\christian\AppData\Local\PUTTY.RND [2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll ========== LOP Check ========== [2011.05.17 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acer Arcade Live [2010.04.28 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Acer GameZone Console [2010.04.28 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Artisteer [2010.06.10 21:40:19 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ASCON Installer [2010.06.10 21:42:30 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ASCON Programme [2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Broad Intelligence [2010.10.21 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Bytescout SWF To Video Scout [2011.07.23 13:46:36 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\DAEMON Tools Lite [2012.06.15 08:17:06 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Dropbox [2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Epson [2010.04.28 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\eSobi [2012.06.13 23:19:16 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FileZilla [2011.10.25 01:21:02 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FRITZ! [2011.10.25 01:16:06 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.03.18 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\GoodSync [2010.08.28 11:21:13 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\gtk-2.0 [2012.05.21 08:48:26 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\ICQ [2012.04.09 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\IrfanView [2010.12.15 07:54:36 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\JAM Software [2010.04.28 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Juniper Networks [2011.02.04 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Leadertech [2012.03.27 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Lexware [2012.01.18 09:49:20 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\MyPhoneExplorer [2012.03.27 23:11:56 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Notepad++ [2011.03.02 22:33:11 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\OpenOffice.org [2011.09.29 23:39:29 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Origin [2011.05.17 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\PowerCinema [2012.06.12 08:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\QuickScan [2012.03.01 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Samsung [2011.04.09 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Sony [2010.04.28 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\springlobby [2010.04.28 19:14:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\springsettings [2012.02.16 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TeamViewer [2012.04.09 17:56:56 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Temp [2010.08.15 00:30:41 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Thunderbird [2010.09.30 22:41:33 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\timeEdition [2011.07.23 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\TS3Client [2010.12.30 11:30:16 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\WD [2010.09.09 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\Win7codecs [2012.05.18 09:26:51 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\XMedia Recode [2012.06.03 11:37:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.06.2012 08:24:44 - Run 3 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 59,40% Memory free 8,63 Gb Paging File | 6,84 Gb Available in Paging File | 79,25% Paging File free Paging file location(s): c:\pagefile.sys 5000 6000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 141,74 Gb Total Space | 25,62 Gb Free Space | 18,07% Space Free | Partition Type: NTFS Drive D: | 141,70 Gb Total Space | 99,61 Gb Free Space | 70,30% Space Free | Partition Type: NTFS Drive L: | 5,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive M: | 3,81 Gb Total Space | 1,50 Gb Free Space | 39,44% Space Free | Partition Type: FAT32 Computer Name: PCNAME | User Name: christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11BB73FF-798F-40DB-A1DB-8A07EDE78904}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2189C906-7B8C-402D-8DF2-24C0ADBC9568}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{47CA5C7B-AE68-4696-A984-0637FCAAD9A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{51F39388-F022-4C21-BB43-7FC2AE1AE4F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61C22ECB-9A8E-4E3A-AEB0-D6922A11AB80}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{6E0E4D0A-4250-4FD5-A226-CA3FC642DA24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{754F2325-4E56-4346-8ED3-8EBBC21C2BAF}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{A291A0FA-41D6-4688-B033-104E22DF9451}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8A7AB7D-ECD4-4D01-AB0D-44A74F81F283}" = rport=10243 | protocol=6 | dir=out | app=system | "{C61C8ED3-593B-4AB1-98A0-DDA266217725}" = lport=2869 | protocol=6 | dir=in | app=system | "{CACF043D-3E0F-4812-9993-C89AF0E2E4B6}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{D4C5D12D-522D-46CD-B77E-D514C1D79C1F}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{DD076F0E-D76B-45E6-8B21-8116BFDF056E}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02895136-2953-4AA3-91D9-5ABE8679C608}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{04318EAD-44D7-4673-97A3-850E7C31CFFE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{06310750-BC8F-466F-BD46-B00E790CB92D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | "{0C25CB91-000C-4CCD-ADE1-6ABDFB3F80E3}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{11E6FD0E-43D7-4602-AAF6-C3DA44C21421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1483C3B7-9A4C-4D2B-807A-BA5241E13C61}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{171FC6A2-88BE-428D-9B2E-E9D20FE16BB7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{24E8AC26-6B79-4BE3-A5E4-81A907CB2198}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2BF66F0A-B2AC-4D88-AC2E-738BC9874EFA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{2F95D6D5-0CBD-4DF9-A36F-35E971FA6020}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{39926324-1000-4A95-B5F2-89B7EBF27FF2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A632540-2024-4F80-8EDE-EC41525095DF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{50441755-6B61-4D46-8C42-178299A09876}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{50B26A08-DBD4-4CE8-861D-6C68BB38152F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{52CB2D54-2DAD-47EF-A5D1-2ED89DC49FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{562B8D58-C7BD-478C-AF21-8C9E1B1E41FF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{5C809487-561D-466B-9074-48EC8B535D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{5CDA88D4-177C-4ED6-9C5D-B75A0E14C08A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6416E59D-6A4F-4EED-8B59-907F1BD3A449}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{685FA085-8D5F-4ECD-B1C0-4063DE3BF2CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6D61298E-83F6-4CB3-AB73-80A28119AD00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7CFBF133-2DA0-4678-B03E-68AC77211389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{81287567-F451-42FD-94E3-C9B48E48C272}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{82B8E191-916E-4C9C-A71D-B0080812BF1E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{838E071C-3FAE-4C3A-B0EE-9CE5EC4A750A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{871B1655-6758-49BB-90A4-C07872CB5AD6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{897AF581-A425-4F43-A330-3FA82A58422E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{89B56BBC-C1F9-43E9-AA1D-1B63F2CE72E3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | "{8D015DFF-36A9-426D-BF9E-C1B9DB4E3A97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8E95CF50-C816-4867-BC09-C99F58815AFC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{8F317029-672D-4ED6-BC4D-518190288307}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9049EF3A-F1B5-431A-953C-087647B556CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{97206B30-C2A9-4EB7-9CC0-EC0C453AFF27}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A491E7AE-EDE6-4C48-9DC5-C08F7F651035}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{ACF6D1C6-796C-4CC6-9F71-9A8E59A4A0BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AF1D213D-5AC4-44CD-9CA8-326CE54DE968}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{BF0782E6-983C-4D2A-82F1-76F3B31D4983}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{CCE08ABF-AB11-4C8C-B155-007C20373CF4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | "{CE22AB43-7630-4AC5-965C-7DB5A9479142}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D0363F90-F40A-49C3-A784-1B4D03CADC1A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{D4A97559-5287-45A4-9E61-F023160578D8}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{D4F756F9-7538-40C4-9E5A-EEBB871497C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{D556BCB8-D64F-4903-A1DC-2F0C3233A270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC34362F-1768-4AE7-8EC7-1C704487F5BA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{DE018B22-F774-473E-80BB-DC1DAAA2AD63}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{E17FB817-9D85-4574-A049-1DDF3603D896}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{E2A36AE3-9D88-4272-BB12-A15BAECA97BF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E7B038DC-0881-40C9-82AB-97399B26F073}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{E8A071C8-9D9C-4A7B-BC61-FEE96653D199}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{EC71FA35-43A4-4197-B913-E0AD3B220269}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{ED5EE59D-5F6B-4C11-8D16-F98EB84B4EE4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{F5DB139F-ADFC-4631-B3B2-0AABD89F4B07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F862E470-0D86-4A38-BEEC-31B8DEA03937}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FBD9CA5A-756C-40FE-9D37-9DE2561DC37B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD82090E-71D4-4065-86F1-B75010396D1F}" = protocol=6 | dir=out | app=system | "TCP Query User{0F6885B1-4261-4327-9A0F-90D0AAAA3704}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{0FA38312-AFA6-4B91-A81E-52A8E84A12FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{18A14C63-BC6C-46AB-9668-44B0F694F800}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{38C73711-8557-4A7A-BC59-5E2697F9918D}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "TCP Query User{71D52A7B-A1AE-462D-B8FB-E473F03D315E}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{8A81B094-A79D-4206-A815-EF3A25895382}E:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=e:\wd discovery software\wd discovery.exe | "TCP Query User{970D6D71-56CC-4DE9-A293-D6059EB31B24}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "TCP Query User{A4ACBC05-E34E-4DEC-8F78-64A136D8A8E1}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "TCP Query User{BF0E2C38-9F2D-4B50-8DB1-FA4825C026F2}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | "UDP Query User{157BAB03-D439-4828-AD36-D2149C4CD4D1}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "UDP Query User{26930EC0-F54D-413A-A376-7118631638D3}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "UDP Query User{6B12DCCD-35A0-47CF-8E7F-608D6F39137C}E:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=e:\wd discovery software\wd discovery.exe | "UDP Query User{78A9CDE5-7A0A-4EB5-9A09-7BD5497839EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{8842D711-2F11-4F9A-A05B-F0BAF7196647}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{95FCF307-A24D-4451-9879-E3E05B7EFE66}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{C1879AD7-CF55-41C9-A5AF-0E226B7A93C5}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "UDP Query User{C1F06034-7F75-41C9-AA70-E5C7644E0016}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{F7CC42D6-06DC-4ABA-998C-01A9FC431512}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{239558A4-D19F-44CE-5546-3C6653306B27}" = AMD Drag and Drop Transcoding "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel "{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{a325d0b9-0b5e-4ad1-9c5f-e39aa43f8c9d}" = Gigaset QuickSync "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64) "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DCDC59E6-A428-D091-C5A2-AC15B54FEFF1}" = ATI AVIVO64 Codecs "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F7BBC6A1-A3C9-4745-BFFF-6BAA485D89C3}" = PG583_64_inf "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "C5AA3B5CB0B86D325AD6960FFC90ABB1076B8FA7" = Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.64.42) "CCleaner" = CCleaner "EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64) "NVIDIA Drivers" = NVIDIA Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-5 (x64) "WinRAR archiver" = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}" = Application Profiles "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}" = Lexware Abschreibungsrechner "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{41581163-87FB-4E8E-92C2-10366F8A3291}" = Lexware büro easy 2012 Vorteilsedition "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5880E4AC-88AC-AADB-0DCB-2A78093A8259}" = HydraVision "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9EFF1D7C-C4B0-4DEF-965C-261CB9604CD9}" = Lexware Elster "{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1 "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{CB21905F-BE58-4DC9-8FC1-6EE2EA210423}" = Lexware online banking "{CD82DA39-2F2D-433E-5CB7-1C17A8C50E77}" = Catalyst Control Center InstallProxy "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DA2A851C-6E2B-4677-9DA5-5ED9A3B227E2}" = Quake Live Internet Explorer Plugin "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen "AmoK Find More!" = AmoK Find More! 1.1 "Architektur Designer 2007_is1" = Architektur Designer 2007 "Avira AntiVir Desktop" = Avira Internet Security 2012 "Battlelog Web Plugins" = Battlelog Web Plugins "DirSync" = DirSync 2.93 "DVDFab 8 Qt_is1" = DVDFab 8.1.7.3 (01/04/2012) Qt "DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011) "EPSON Scanner" = EPSON Scan "Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch "ESET Online Scanner" = ESET Online Scanner v3 "FastStone Photo Resizer" = FastStone Photo Resizer 3.1 "FileHippo.com" = FileHippo.com Update Checker "FileZilla Client" = FileZilla Client 3.5.3 "FreePDF_XP" = FreePDF (Remove only) "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "IMAPSize_is1" = IMAPSize 0.3.7 "Imgares_is1" = Imgares "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0 "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MediaCoder" = MediaCoder 0.7.3.4602 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "Origin" = Origin "PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.2 "PDF to Flip Book - freeware_is1" = PDF to Flip Book - freeware "PunkBusterSvc" = PunkBuster Services "Secunia PSI" = Secunia PSI (1.9.0.5004) "Sweet Home 3D_is1" = Sweet Home 3D version 2.3 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "The Regex Coach_is1" = The Regex Coach 0.9.2 "TreeSize Free_is1" = TreeSize Free V2.5 "VLC media player" = VLC media player 1.1.4 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "XMedia Recode" = XMedia Recode 2.2.6.8 "XMind" = XMind ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Juniper_Setup_Client" = Juniper Networks Setup Client "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.06.2012 17:25:00 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 01:13:06 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 01:53:22 | Computer Name = PCNAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446, Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x082f08be ID des fehlerhaften Prozesses: 0x1860 Startzeit der fehlerhaften Anwendung: 0x01cd49ed67c6e0c5 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3f9386c1-b5e5-11e1-8706-002268080226 Error - 14.06.2012 02:17:09 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 10:18:58 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 10:32:28 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 10:46:14 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 11:02:45 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 14.06.2012 12:43:57 | Computer Name = PCNAME | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 15.06.2012 02:05:45 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = Error - 15.06.2012 02:14:29 | Computer Name = PCNAME | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 14.06.2012 11:01:58 | Computer Name = PCNAME | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 14.06.2012 11:02:37 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 14.06.2012 11:04:42 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error - 14.06.2012 11:04:42 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.06.2012 02:02:59 | Computer Name = PCNAME | Source = DCOM | ID = 10010 Description = Error - 15.06.2012 02:04:56 | Computer Name = PCNAME | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 15.06.2012 02:05:35 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 15.06.2012 02:12:55 | Computer Name = PCNAME | Source = DCOM | ID = 10010 Description = Error - 15.06.2012 02:13:40 | Computer Name = PCNAME | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 15.06.2012 02:14:21 | Computer Name = PCNAME | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd < End of report > ------------- Rechner ist übrigends nun wieder so schnell beim Starten wie bei einer neuinstallation?! |
09.07.2012, 08:37 | #9 | ||
/// Helfer-Team | Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeck ** Lass dein System in der nächste Zeit noch unter Beobachtung! 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner 2. Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
3. Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden: Also mach bitte folgendes:
4. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen) z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) 5. ► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand! Lesestoff Nr.1: Gib Kriminellen Handlungen keine Chance! Zitat:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
Wenn Du uns unterstützen möchtest→ Spendekonto gruß kira
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
Themen zu Inaktive Viren auf dem Computer, bei einem Standardscan wurden aufeinmal verdächtige Dateien entdeck |
acer, aktiv, appdata, autorun.inf, avira, computer, datei, dateien, escan, exe, frage, gelöscht, gen, inf/autorun.gen, java, java/trojandownloader.openstream.ncm, live, löschen, nicht mehr, rechner, system, temp, trojaner, viren, virenscanner, virus, win32/agent.dyxwumy, zugriff |