Pests of all kinds and how to fight them: tr/atraps.gen and tr/atraps.gen2 are reported every 5 minutes (Windows 7)
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
24.06.2012, 23:18 | #16 |
/// Selecta Jahrusso | In the taskbar, right-click Avira and remove the check mark next to "enabled".
__________________ Regards, Daniel. ASAP & UNITE Member: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trusted Eliminators. Learn to fight back and support us! TB Akademie |
25.06.2012, 01:57 | #17 |
| That's exactly how I did it the first time. Right-click, then deactivated browser protection and the real-time scanner, and then on restart there was this warning that 2 things were still running, and clicking OK did nothing... should I really do it exactly the same way again?
__________________ P.S. ... glad about your reply ^^ ... I was waiting impatiently :> |
25.06.2012, 10:04 | #18 |
/// Selecta Jahrusso | Sorry, the weekend was more stressful than planned.
__________________Just do
__________________ |
25.06.2012, 22:50 | #19 |
| Hmm... it worked xD ... and the Windows firewall also seems to be active again, by the looks of it... here are the logs. ComboFix logfile:
26.06.2012, 06:39 | #20 | |
/// Selecta Jahrusso | Please uninstall the Ask Toolbar. Did you create this proxy? Quote:
26.06.2012, 09:07 | #21 |
| Uhhh, not that I know of. Oh, and under Programs and Features I can't find anything under Ask Toolbar... is it listed under something else?
Sooo, one more addendum ^^ I read up on it on the internet, and since it's an add-on I removed it via Firefox, but after that comes the following...
Now the toolbar should be gone, but the Ask search is still set in the Firefox search. This can be changed as follows:
–> in the Firefox browser, enter the address "about:config"
–> confirm the security prompt
–> under "keyword.URL", set the following entry: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
–> if necessary, search further parameters for ASK
Before I mess something up, I wanted to ask whether I should do it like that or whatever xD
One more addendum << under C:\Program Files (x86) there's a folder named Ask.com... how do I proceed? T.T
Last edited by GeFox (26.06.2012 at 09:21) |
26.06.2012, 15:11 | #22 |
/// Selecta Jahrusso | Let's see whether we can get rid of it with this tool. Please download AdwCleaner to your desktop.
26.06.2012, 17:34 | #23 |
| # AdwCleaner v1.700 - Logfile created 06/26/2012 at 18:32:27
# Updated 26/06/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Rena - RENA-PC
# Running from : C:\Users\Rena\Desktop\adwcleaner.exe
# Option [Search]
Found : user_pref("CT2849855.SearchProtectorEnabled", false); Found : user_pref("CT2849855.SearchProtectorToolbarDisabled", false); Found : user_pref("CT2849855.ServiceMapLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200"); Found : user_pref("CT2849855.SettingsLastCheckTime", "Tue Jun 26 2012 18:29:47 GMT+0200"); Found : user_pref("CT2849855.SettingsLastUpdate", "1337169810"); Found : user_pref("CT2849855.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Sat Sep 10 2011 18:15:32 GMT+0200"); Found : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1255344657"); Found : user_pref("CT2849855.ToolbarShrinkedFromSetup", false); Found : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855"); Found : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2849855.UserID", "UN30570685190913038"); Found : user_pref("CT2849855.WeatherNetwork", ""); Found : user_pref("CT2849855.WeatherPollDate", "Sat Sep 10 2011 18:15:36 GMT+0200"); Found : user_pref("CT2849855.WeatherUnit", "C"); Found : user_pref("CT2849855.alertChannelId", "1241896"); Found : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sat Sep 10 2011 18:15:34 GMT+0200"); Found : user_pref("CT2849855.homepageProtectorEnableByLogin", true); Found : user_pref("CT2849855.initDone", true); Found : user_pref("CT2849855.isAppTrackingManagerOn", true); Found : user_pref("CT2849855.myStuffEnabled", true); Found : user_pref("CT2849855.myStuffPublihserMinWidth", 400); Found : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2849855.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Found : user_pref("CT2849855.revertSettingsEnabled", true); Found : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2849855.searchProtectorEnableByLogin", true); Found : user_pref("CT2849855.testingCtid", ""); Found : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200"); Found : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200"); Found : user_pref("CT2849855.usagesFlag", 2); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2849855&octid=[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...] Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rena\\AppData\\Roaming\\Mozilla\\Fi[...] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2849855"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855"); Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200"); Found : user_pref("CommunityToolbar.globalUserId", "a80989e9-c35b-4332-a0f2-96c646621b73"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 10 2011 18:15:3[...] Found : user_pref("CommunityToolbar.notifications.alertEnabled", false); Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Sep 10 2011 18:15:44 GMT+020[...] 
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.notifications.locale", "en"); Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 10 2011 18:15:33 GMT+0200"); Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.notifications.userId", "575c7bea-6ef6-4d2e-b07b-6d40d0dc0677"); Found : user_pref("extensions.asktb.AviraIDW-TS", "1319801289480"); Found : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...] Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\"); Found : user_pref("extensions.asktb.cbid", "JM"); Found : user_pref("extensions.asktb.config-updated", true); Found : user_pref("extensions.asktb.crumb", "2011.09.10+06.38.07-toolbar009iad-DE-QmVybGluLEdlcm1hbnk%3D"); Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] 
Found : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007"); Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Found : user_pref("extensions.asktb.fresh-install", false); Found : user_pref("extensions.asktb.guid", "ed90ad1f-6e80-4149-89f6-c11c7dc72561"); Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] Found : user_pref("extensions.asktb.if", "first"); Found : user_pref("extensions.asktb.l", "dis"); Found : user_pref("extensions.asktb.last-config-req", "1340660909027"); Found : user_pref("extensions.asktb.last-v", "3.14.0.100010"); Found : user_pref("extensions.asktb.locale", "de_DE"); Found : user_pref("extensions.asktb.location", "Berlin,Germany"); Found : user_pref("extensions.asktb.notification-shown", true); Found : user_pref("extensions.asktb.o", "100000080"); Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Found : user_pref("extensions.asktb.qsrc", "2871"); Found : user_pref("extensions.asktb.r", "3"); Found : user_pref("extensions.asktb.sa", "NO"); Found : user_pref("extensions.asktb.search-suggestions-enabled", true); Found : user_pref("extensions.asktb.silent-upgrade", true); Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Found : user_pref("extensions.asktb.themeid", ""); Found : user_pref("extensions.asktb.to", ""); Found : user_pref("extensions.asktb.v", "3.14.0.100013"); Found : user_pref("icqtoolbar.history", "Adult%E2%80%B2s%20Toy||35%24%20pc||Croixleur||Shion||Allkore%20-%20[...] ************************* AdwCleaner[R1].txt - [21361 octets] - [26/06/2012 18:32:27] ########## EOF - C:\AdwCleaner[R1].txt - [21490 octets] ########## |
26.06.2012, 17:46 | #24 |
/// Selecta Jahrusso | tr/atraps.gen and tr/atraps.gen2 are displayed every 5 minutes
Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
26.06.2012, 18:14 | #25 |
| tr/atraps.gen and tr/atraps.gen2 are displayed every 5 minutes
OK, first of all... after the restart because of this AdwCleaner, my AntiVir said something about a missing tool or so, and because of that the browser protection is now deactivated.
# AdwCleaner v1.700 - Logfile created 06/26/2012 at 19:00:05 # Updated 26/06/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Rena - RENA-PC # Running from : C:\Users\Rena\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Rena\AppData\Local\AskToolbar Folder Deleted : C:\Users\Rena\AppData\Local\Conduit Folder Deleted : C:\Users\Rena\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Rena\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Rena\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\ConduitCommon Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Deleted : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\Linkury Smartbar Search.xml ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849855 Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AskToolbar Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\APN Key Deleted : HKLM\SOFTWARE\AskToolbar Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : 
HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] [x64] Key Deleted : HKLM\SOFTWARE\Software [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} [x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.linkury.com --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\prefs.js C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\user.js ... Deleted ! 
Deleted : user_pref("CT2849855..clientLogIsEnabled", true); Deleted : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true); Deleted : user_pref("CT2849855.CT2849855", "CT2849855"); Deleted : user_pref("CT2849855.CurrentServerDate", "26-6-2012"); Deleted : user_pref("CT2849855.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2849855.DialogsGetterLastCheckTime", "Sun Jun 24 2012 16:21:19 GMT+0200"); Deleted : user_pref("CT2849855.DownloadReferralCookieData", ""); Deleted : user_pref("CT2849855.EMailNotifierPollDate", "Sat Sep 10 2011 18:15:33 GMT+0200"); Deleted : user_pref("CT2849855.FeedLastCount129349796701375473", 138); Deleted : user_pref("CT2849855.FeedPollDate129313974171006416", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313975698350231", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313976370850190", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313976648818968", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313977444757117", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313980389131455", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313980655381977", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313980886163259", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313981234756535", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : 
user_pref("CT2849855.FeedPollDate129313983226631720", "Sat Sep 10 2011 18:15:35 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313983607725691", "Sat Sep 10 2011 18:15:35 GMT+0200"); Deleted : user_pref("CT2849855.FeedTTL129313974171006416", 10); Deleted : user_pref("CT2849855.FeedTTL129313977444757117", 15); Deleted : user_pref("CT2849855.FeedTTL129313980655381977", 5); Deleted : user_pref("CT2849855.FeedTTL129313981234756535", 5); Deleted : user_pref("CT2849855.FirstServerDate", "10-9-2011"); Deleted : user_pref("CT2849855.FirstTime", true); Deleted : user_pref("CT2849855.FirstTimeFF3", true); Deleted : user_pref("CT2849855.FixPageNotFoundErrors", false); Deleted : user_pref("CT2849855.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2849855.HasUserGlobalKeys", true); Deleted : user_pref("CT2849855.HomePageProtectorEnabled", false); Deleted : user_pref("CT2849855.Initialize", true); Deleted : user_pref("CT2849855.InitializeCommonPrefs", true); Deleted : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2849855.InstallationType", "Unknown"); Deleted : user_pref("CT2849855.InstalledDate", "Sat Sep 10 2011 18:15:49 GMT+0200"); Deleted : user_pref("CT2849855.IsGrouping", false); Deleted : user_pref("CT2849855.IsInitSetupIni", true); Deleted : user_pref("CT2849855.IsMulticommunity", false); Deleted : user_pref("CT2849855.IsOpenThankYouPage", true); Deleted : user_pref("CT2849855.IsOpenUninstallPage", true); Deleted : user_pref("CT2849855.IsProtectorsInit", true); Deleted : user_pref("CT2849855.LanguagePackLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200"); Deleted : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Deleted : user_pref("CT2849855.LastLogin_3.12.0.7", "Wed Apr 25 2012 20:11:04 GMT+0200"); Deleted : user_pref("CT2849855.LastLogin_3.12.2.3", "Wed May 30 2012 18:59:56 GMT+0200"); Deleted : user_pref("CT2849855.LastLogin_3.13.0.6", "Tue Jun 26 2012 18:29:47 GMT+0200"); Deleted : user_pref("CT2849855.LastLogin_3.6.0.10", "Sat Sep 10 2011 18:15:33 GMT+0200"); Deleted : user_pref("CT2849855.LatestVersion", "3.13.0.6"); Deleted : user_pref("CT2849855.Locale", "de"); Deleted : user_pref("CT2849855.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2849855.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2849855.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2849855.OriginalFirstVersion", "3.6.0.10"); Deleted : user_pref("CT2849855.SearchEngineBeforeUnload", "ICQ Search"); Deleted : user_pref("CT2849855.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...] Deleted : user_pref("CT2849855.SearchInNewTabEnabled", true); Deleted : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Mon Jun 25 2012 22:59:02 GMT+0200"); Deleted : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Deleted : user_pref("CT2849855.SearchProtectorEnabled", false); Deleted : user_pref("CT2849855.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2849855.ServiceMapLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200"); Deleted : user_pref("CT2849855.SettingsLastCheckTime", "Tue Jun 26 2012 18:29:47 GMT+0200"); Deleted : user_pref("CT2849855.SettingsLastUpdate", "1337169810"); Deleted : user_pref("CT2849855.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Sat Sep 10 2011 18:15:32 GMT+0200"); Deleted : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1255344657"); Deleted : user_pref("CT2849855.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855"); Deleted : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2849855.UserID", "UN30570685190913038"); Deleted : user_pref("CT2849855.WeatherNetwork", ""); Deleted : user_pref("CT2849855.WeatherPollDate", "Sat Sep 10 2011 18:15:36 GMT+0200"); Deleted : user_pref("CT2849855.WeatherUnit", "C"); Deleted : user_pref("CT2849855.alertChannelId", "1241896"); Deleted : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2849855.initDone", true); Deleted : user_pref("CT2849855.isAppTrackingManagerOn", true); Deleted : user_pref("CT2849855.myStuffEnabled", true); Deleted : user_pref("CT2849855.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] 
Deleted : user_pref("CT2849855.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2849855.revertSettingsEnabled", true); Deleted : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2849855.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2849855.testingCtid", ""); Deleted : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200"); Deleted : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200"); Deleted : user_pref("CT2849855.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2849855&octid=[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rena\\AppData\\Roaming\\Mozilla\\Fi[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2849855"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200"); Deleted : user_pref("CommunityToolbar.globalUserId", "a80989e9-c35b-4332-a0f2-96c646621b73"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 10 2011 18:15:3[...] Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false); Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Sep 10 2011 18:15:44 GMT+020[...] 
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 10 2011 18:15:33 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "575c7bea-6ef6-4d2e-b07b-6d40d0dc0677");
Deleted : user_pref("extensions.asktb.AviraIDW-TS", "1319801289480");
Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Deleted : user_pref("extensions.asktb.cbid", "JM");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.crumb", "2011.09.10+06.38.07-toolbar009iad-DE-QmVybGluLEdlcm1hbnk%3D");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "ed90ad1f-6e80-4149-89f6-c11c7dc72561");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1340660909027");
Deleted : user_pref("extensions.asktb.last-v", "3.14.0.100010");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.location", "Berlin,Germany");
Deleted : user_pref("extensions.asktb.notification-shown", true);
Deleted : user_pref("extensions.asktb.o", "100000080");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "3");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.14.0.100013");
Deleted : user_pref("icqtoolbar.history", "Adult%E2%80%B2s%20Toy||35%24%20pc||Croixleur||Shion||Allkore%20-%20[...]

*************************

AdwCleaner[R1].txt - [21438 octets] - [26/06/2012 18:32:27]
AdwCleaner[S1].txt - [20356 octets] - [26/06/2012 19:00:05]

########## EOF - C:\AdwCleaner[S1].txt - [20485 octets] ##########

OTL
OTL Logfile:
Code:
OTL logfile created on: 26.06.2012 19:02:14 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Rena\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,25 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 80,63% Memory free
14,50 Gb Paging File | 12,89 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 64,16 Gb Total Space | 18,09 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
Drive D: | 401,50 Gb Total Space | 19,10 Gb Free Space | 4,76% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 60,69 Gb Free Space | 3,26% Space Free | Partition Type: NTFS

Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.06.26 18:59:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.03.11 15:02:16 | 002,080,768 | ---- | M] (Nicolas Kruse) -- C:\Program Files (x86)\Nettalk6\Nettalk.exe
PRC - [2012.02.28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.24 01:48:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 17:20:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.30 01:19:38 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.08 12:52:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.11.29 14:02:06 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 35 D1 BE 06 6F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 17:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 17:20:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.09.09 17:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Extensions
[2012.06.26 10:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\cjpurgzz.default\extensions
[2012.05.30 19:37:51 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\cjpurgzz.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.06.20 09:01:56 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-1.xml
[2012.02.03 12:00:59 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-10.xml
[2012.02.12 11:27:13 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-11.xml
[2012.02.17 14:25:07 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-12.xml
[2012.03.18 14:22:40 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-13.xml
[2012.03.28 18:50:38 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-14.xml
[2011.09.28 21:24:36 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-2.xml
[2011.10.01 22:47:25 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-3.xml
[2011.11.06 20:06:32 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-4.xml
[2011.11.11 16:53:52 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-5.xml
[2011.11.29 14:03:31 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-6.xml
[2011.12.21 12:20:26 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-7.xml
[2012.01.05 15:46:47 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-8.xml
[2012.01.10 00:50:37 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin.xml
[2012.03.17 18:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.05 23:26:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJPURGZZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.19 17:20:40 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 17:20:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 17:20:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 17:20:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 17:20:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 17:20:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 17:20:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.06.25 23:40:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = C:\Program Files (x86)\Nettalk6\Nettalk.exe (Nicolas Kruse)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AA9396E-72DE-436E-9E3A-064C7F1BEC93}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.26 18:59:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
[2012.06.25 23:44:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.25 23:41:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.25 23:34:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.25 23:34:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.25 23:34:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.22 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Avira
[2012.06.22 17:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.22 17:13:37 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.22 17:13:37 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.22 17:13:37 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.22 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.22 12:11:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.22 12:11:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.22 12:09:27 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\Rena\Desktop\ComboFix.exe
[2012.06.22 11:13:03 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rena\Desktop\tdsskiller.exe
[2012.06.22 09:08:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rena\Desktop\dds.com
[2012.06.22 01:07:04 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Malwarebytes
[2012.06.22 01:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.17 23:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.06.17 23:39:23 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Pflanzen gegen Zombies German
[2012.06.14 23:03:35 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Nettalk
[2012.06.14 23:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nettalk6
[2012.06.12 11:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Local\Macromedia
[2012.06.07 11:47:41 | 030,829,617 | ---- | C] (Inquisitor ) -- C:\Users\Rena\Desktop\@Home Mate HF Patch.exe
[2012.06.07 11:40:10 | 000,000,000 | ---D | C] -- C:\illusion
[2012.06.01 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Dolphin
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Rena\*.tmp files -> C:\Users\Rena\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.06.26 19:06:10 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:06:10 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:05:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.26 19:05:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.26 19:05:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.26 19:05:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.26 19:05:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.26 19:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 19:01:00 | 1542,754,303 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 18:59:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
[2012.06.26 18:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.26 18:32:09 | 000,609,201 | ---- | M] () -- C:\Users\Rena\Desktop\adwcleaner.exe
[2012.06.25 23:40:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.25 23:34:29 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Rena\Desktop\ComboFix.exe
[2012.06.24 04:06:00 | 000,000,069 | ---- | M] () -- C:\Users\Rena\Desktop\listen45.pls
[2012.06.22 21:19:34 | 000,006,396 | ---- | M] () -- C:\Users\Rena\Desktop\0677.mpssvc.reg
[2012.06.22 21:19:29 | 000,229,548 | ---- | M] () -- C:\Users\Rena\Desktop\1055.BFE.reg
[2012.06.22 17:13:48 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.22 17:13:05 | 099,308,192 | ---- | M] () -- C:\Users\Rena\Desktop\avira_free_antivirus_de.exe
[2012.06.22 11:13:04 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rena\Desktop\tdsskiller.exe
[2012.06.22 09:08:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rena\Desktop\dds.com
[2012.06.17 20:21:32 | 000,001,485 | ---- | M] () -- C:\Users\Rena\.recently-used.xbel
[2012.06.14 23:03:16 | 000,000,972 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Nettalk.lnk
[2012.06.14 08:56:37 | 000,297,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 13:37:15 | 000,068,356 | ---- | M] () -- C:\Users\Rena\Desktop\Purityyy - The Quick Brown Fox - The Big Black [WHO'S AFRAID OF THE BIG BLACK] (2012-05-12) Osu.osr
[2012.06.07 11:52:19 | 000,000,910 | ---- | M] () -- C:\Users\Rena\Desktop\@Home Mate.lnk
[2012.06.07 11:48:15 | 030,829,617 | ---- | M] (Inquisitor ) -- C:\Users\Rena\Desktop\@Home Mate HF Patch.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Rena\*.tmp files -> C:\Users\Rena\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.06.26 18:32:08 | 000,609,201 | ---- | C] () -- C:\Users\Rena\Desktop\adwcleaner.exe
[2012.06.25 23:34:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.25 23:34:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.25 23:34:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.25 23:34:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.25 23:34:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.24 04:05:59 | 000,000,069 | ---- | C] () -- C:\Users\Rena\Desktop\listen45.pls
[2012.06.22 21:19:33 | 000,006,396 | ---- | C] () -- C:\Users\Rena\Desktop\0677.mpssvc.reg
[2012.06.22 21:19:24 | 000,229,548 | ---- | C] () -- C:\Users\Rena\Desktop\1055.BFE.reg
[2012.06.22 17:13:48 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.22 17:08:05 | 099,308,192 | ---- | C] () -- C:\Users\Rena\Desktop\avira_free_antivirus_de.exe
[2012.06.17 23:59:48 | 003,362,816 | ---- | C] () -- C:\Users\Rena\Documents\PflanzenGegenZombies_og.exe.bak
[2012.06.17 20:21:32 | 000,001,485 | ---- | C] () -- C:\Users\Rena\.recently-used.xbel
[2012.06.14 23:03:16 | 000,000,972 | ---- | C] () -- C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Nettalk.lnk
[2012.06.12 13:37:14 | 000,068,356 | ---- | C] () -- C:\Users\Rena\Desktop\Purityyy - The Quick Brown Fox - The Big Black [WHO'S AFRAID OF THE BIG BLACK] (2012-05-12) Osu.osr
[2012.06.07 11:52:19 | 000,000,910 | ---- | C] () -- C:\Users\Rena\Desktop\@Home Mate.lnk
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 21:55:28 | 000,001,786 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.18 21:40:43 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2012.01.18 21:40:09 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2012.01.18 21:40:09 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2012.01.11 13:49:21 | 000,002,048 | -HS- | C] () -- C:\Users\Rena\AppData\Local\{35f92f7d-582a-ee8b-976b-730f9f4e24be}\@
[2011.11.16 01:11:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.07 00:06:24 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 17:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.09 17:39:28 | 000,000,017 | ---- | C] () -- C:\Users\Rena\AppData\Local\resmon.resmoncfg

========== LOP Check ==========
[2012.05.22 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\.minecraft
[2012.03.12 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\BadApple!!
[2012.05.10 16:32:52 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Beat Hazard
[2012.06.13 00:44:07 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\BitTorrent
[2012.02.23 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\DAEMON Tools Lite
[2011.09.26 20:19:00 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\DAEMON Tools Pro
[2012.04.21 23:30:20 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\FileZilla
[2012.06.26 18:57:23 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\ICQ
[2011.09.14 20:40:45 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Image-Line
[2012.05.16 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\IrfanView
[2012.03.11 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\mkvtoolnix
[2011.10.31 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Need for Speed World
[2012.06.26 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Nettalk
[2012.03.20 12:57:29 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\RenPy
[2012.01.24 00:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\ScummVM
[2011.11.18 22:29:04 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\TeamViewer
[2012.04.23 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\TS3Client
[2012.04.09 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\XMedia Recode
[2012.06.11 11:00:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 26.06.2012 19:02:14 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Rena\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,25 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 80,63% Memory free 14,50 Gb Paging File | 12,89 Gb Available in Paging File | 88,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 64,16 Gb Total Space | 18,09 Gb Free Space | 28,19% Space Free | Partition Type: NTFS Drive D: | 401,50 Gb Total Space | 19,10 Gb Free Space | 4,76% Space Free | Partition Type: NTFS Drive E: | 1863,01 Gb Total Space | 60,69 Gb Free Space | 3,26% Space Free | Partition Type: NTFS Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | 
protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | 
app=%systemroot%\system32\svchost.exe | "{2B8F74F1-48DE-4D1E-80B1-4700C9AF4CC7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D1484E02-6D76-4A68-B8F0-023B6893FF67}" = protocol=58 | dir=in | app=system | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{C9CFAD8F-5388-4414-87C4-18908735E565}C:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "UDP Query User{BC270A5B-4831-4433-A566-030746CE8A66}C:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Pen Tablet Driver" = Bamboo "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR 
4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2510CF9A-3D92-4D1E-9124-080F53F4E293}" = ILLUSION @ふぉーむメイト "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit 
FrontPage "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{BA45D6C9-AC93-288B-DC4C-D65A01A2ED02}" = Application Profiles "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater "7-Zip" = 
7-Zip 9.20 "AC3Filter_is1" = AC3Filter 1.63b "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface Service "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira Free Antivirus "Beat Hazard v1.5" = Beat Hazard v1.5 "BitTorrent" = BitTorrent "CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only) "DAEMON Tools Lite" = DAEMON Tools Lite "FileZilla Client" = FileZilla Client 3.5.3 "FL Studio 10" = FL Studio 10 "HaaliMkx" = Haali Media Splitter "IL Download Manager" = IL Download Manager "IrfanView" = IrfanView (remove only) "Katawa Shoujo Act 1" = Katawa Shoujo Act 1 "LogMeIn Hamachi" = LogMeIn Hamachi "MKVToolNix" = MKVToolNix 5.4.0 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nettalk_is1" = Nettalk 6.7 "OpenAL" = OpenAL "RPG Maker VX RTP_is1" = RPG Maker VX RTP "RPG Maker VX_is1" = RPG Maker VX "RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts) "SMPlayer" = SMPlayer 0.6.9 "The KMPlayer" = The KMPlayer (remove only) "VLC media player" = VLC media player 2.0.1 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "XMedia Recode" = XMedia Recode 3.0.9.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.06.2012 08:00:19 | Computer Name = Rena-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 
Fehleroffset: 0x000ccb60 ID des fehlerhaften Prozesses: 0xa2c Startzeit der fehlerhaften Anwendung: 0x01cd4e12cb0bf5a2 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 56743c10-ba06-11e1-bd86-90e6ba80e627 Error - 20.06.2012 03:36:38 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.06.2012 19:50:51 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 21.06.2012 19:18:11 | Computer Name = Rena-PC | Source = Application Hang | ID = 1002 Description = Programm mbam.exe, Version 1.60.0.80 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dd0 Startzeit: 01cd5002929282cc Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: 5b8a8f5e-bbf7-11e1-a7d0-90e6ba80e627 Error - 22.06.2012 03:57:42 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 22.06.2012 10:40:15 | Computer Name = Rena-PC | Source = Application Hang | ID = 1002 Description = Programm avcenter.exe, Version 12.3.0.15 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 838 Startzeit: 01cd5084c450ec77 Endzeit: 19141 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe Berichts-ID: 210728ab-bc78-11e1-9337-90e6ba80e627 Error - 23.06.2012 13:36:51 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 23.06.2012 18:31:07 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 25.06.2012 09:45:35 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 25.06.2012 19:26:23 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. 
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ System Events ] Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25.06.2012 17:33:57 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error - 25.06.2012 17:34:44 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error - 25.06.2012 17:37:34 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 25.06.2012 17:39:12 | Computer Name = Rena-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 25.06.2012 17:40:05 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 25.06.2012 17:40:59 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126 Error - 26.06.2012 12:29:37 | Computer Name = Rena-PC | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > |
26.06.2012, 18:15 | #26 |
| tr/atraps.gen and tr/atraps.gen2 are shown every 5 minutes
SO, first of all: after the restart for this AdwCleaner, my AntiVir showed something about a missing tool or the like, and because of that the browser protection is now deactivated.
# AdwCleaner v1.700 - Logfile created 06/26/2012 at 19:00:05 # Updated 26/06/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Rena - RENA-PC # Running from : C:\Users\Rena\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Rena\AppData\Local\AskToolbar Folder Deleted : C:\Users\Rena\AppData\Local\Conduit Folder Deleted : C:\Users\Rena\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Rena\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Rena\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\ConduitCommon Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Deleted : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\Linkury Smartbar Search.xml ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849855 Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AskToolbar Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\APN Key Deleted : HKLM\SOFTWARE\AskToolbar Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : 
HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] [x64] Key Deleted : HKLM\SOFTWARE\Software [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} [x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.linkury.com --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\prefs.js C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\user.js ... Deleted ! 
Deleted : user_pref("CT2849855..clientLogIsEnabled", true); Deleted : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true); Deleted : user_pref("CT2849855.CT2849855", "CT2849855"); Deleted : user_pref("CT2849855.CurrentServerDate", "26-6-2012"); Deleted : user_pref("CT2849855.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2849855.DialogsGetterLastCheckTime", "Sun Jun 24 2012 16:21:19 GMT+0200"); Deleted : user_pref("CT2849855.DownloadReferralCookieData", ""); Deleted : user_pref("CT2849855.EMailNotifierPollDate", "Sat Sep 10 2011 18:15:33 GMT+0200"); Deleted : user_pref("CT2849855.FeedLastCount129349796701375473", 138); Deleted : user_pref("CT2849855.FeedPollDate129313974171006416", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313975698350231", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313976370850190", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313976648818968", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313977444757117", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313980389131455", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313980655381977", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313980886163259", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313981234756535", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : 
user_pref("CT2849855.FeedPollDate129313983226631720", "Sat Sep 10 2011 18:15:35 GMT+0200"); Deleted : user_pref("CT2849855.FeedPollDate129313983607725691", "Sat Sep 10 2011 18:15:35 GMT+0200"); Deleted : user_pref("CT2849855.FeedTTL129313974171006416", 10); Deleted : user_pref("CT2849855.FeedTTL129313977444757117", 15); Deleted : user_pref("CT2849855.FeedTTL129313980655381977", 5); Deleted : user_pref("CT2849855.FeedTTL129313981234756535", 5); Deleted : user_pref("CT2849855.FirstServerDate", "10-9-2011"); Deleted : user_pref("CT2849855.FirstTime", true); Deleted : user_pref("CT2849855.FirstTimeFF3", true); Deleted : user_pref("CT2849855.FixPageNotFoundErrors", false); Deleted : user_pref("CT2849855.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2849855.HasUserGlobalKeys", true); Deleted : user_pref("CT2849855.HomePageProtectorEnabled", false); Deleted : user_pref("CT2849855.Initialize", true); Deleted : user_pref("CT2849855.InitializeCommonPrefs", true); Deleted : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2849855.InstallationType", "Unknown"); Deleted : user_pref("CT2849855.InstalledDate", "Sat Sep 10 2011 18:15:49 GMT+0200"); Deleted : user_pref("CT2849855.IsGrouping", false); Deleted : user_pref("CT2849855.IsInitSetupIni", true); Deleted : user_pref("CT2849855.IsMulticommunity", false); Deleted : user_pref("CT2849855.IsOpenThankYouPage", true); Deleted : user_pref("CT2849855.IsOpenUninstallPage", true); Deleted : user_pref("CT2849855.IsProtectorsInit", true); Deleted : user_pref("CT2849855.LanguagePackLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200"); Deleted : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Deleted : user_pref("CT2849855.LastLogin_3.12.0.7", "Wed Apr 25 2012 20:11:04 GMT+0200"); Deleted : user_pref("CT2849855.LastLogin_3.12.2.3", "Wed May 30 2012 18:59:56 GMT+0200"); Deleted : user_pref("CT2849855.LastLogin_3.13.0.6", "Tue Jun 26 2012 18:29:47 GMT+0200"); Deleted : user_pref("CT2849855.LastLogin_3.6.0.10", "Sat Sep 10 2011 18:15:33 GMT+0200"); Deleted : user_pref("CT2849855.LatestVersion", "3.13.0.6"); Deleted : user_pref("CT2849855.Locale", "de"); Deleted : user_pref("CT2849855.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2849855.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2849855.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2849855.OriginalFirstVersion", "3.6.0.10"); Deleted : user_pref("CT2849855.SearchEngineBeforeUnload", "ICQ Search"); Deleted : user_pref("CT2849855.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...] Deleted : user_pref("CT2849855.SearchInNewTabEnabled", true); Deleted : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Mon Jun 25 2012 22:59:02 GMT+0200"); Deleted : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Deleted : user_pref("CT2849855.SearchProtectorEnabled", false); Deleted : user_pref("CT2849855.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2849855.ServiceMapLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200"); Deleted : user_pref("CT2849855.SettingsLastCheckTime", "Tue Jun 26 2012 18:29:47 GMT+0200"); Deleted : user_pref("CT2849855.SettingsLastUpdate", "1337169810"); Deleted : user_pref("CT2849855.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Sat Sep 10 2011 18:15:32 GMT+0200"); Deleted : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1255344657"); Deleted : user_pref("CT2849855.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855"); Deleted : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2849855.UserID", "UN30570685190913038"); Deleted : user_pref("CT2849855.WeatherNetwork", ""); Deleted : user_pref("CT2849855.WeatherPollDate", "Sat Sep 10 2011 18:15:36 GMT+0200"); Deleted : user_pref("CT2849855.WeatherUnit", "C"); Deleted : user_pref("CT2849855.alertChannelId", "1241896"); Deleted : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sat Sep 10 2011 18:15:34 GMT+0200"); Deleted : user_pref("CT2849855.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2849855.initDone", true); Deleted : user_pref("CT2849855.isAppTrackingManagerOn", true); Deleted : user_pref("CT2849855.myStuffEnabled", true); Deleted : user_pref("CT2849855.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] 
Deleted : user_pref("CT2849855.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2849855.revertSettingsEnabled", true); Deleted : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2849855.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2849855.testingCtid", ""); Deleted : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200"); Deleted : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200"); Deleted : user_pref("CT2849855.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2849855&octid=[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rena\\AppData\\Roaming\\Mozilla\\Fi[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2849855"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200"); Deleted : user_pref("CommunityToolbar.globalUserId", "a80989e9-c35b-4332-a0f2-96c646621b73"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 10 2011 18:15:3[...] Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false); Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Sep 10 2011 18:15:44 GMT+020[...] 
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 10 2011 18:15:33 GMT+0200"); Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "575c7bea-6ef6-4d2e-b07b-6d40d0dc0677"); Deleted : user_pref("extensions.asktb.AviraIDW-TS", "1319801289480"); Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...] Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\"); Deleted : user_pref("extensions.asktb.cbid", "JM"); Deleted : user_pref("extensions.asktb.config-updated", true); Deleted : user_pref("extensions.asktb.crumb", "2011.09.10+06.38.07-toolbar009iad-DE-QmVybGluLEdlcm1hbnk%3D"); Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] 
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYDE"); Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007"); Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C"); Deleted : user_pref("extensions.asktb.fresh-install", false); Deleted : user_pref("extensions.asktb.guid", "ed90ad1f-6e80-4149-89f6-c11c7dc72561"); Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] Deleted : user_pref("extensions.asktb.if", "first"); Deleted : user_pref("extensions.asktb.l", "dis"); Deleted : user_pref("extensions.asktb.last-config-req", "1340660909027"); Deleted : user_pref("extensions.asktb.last-v", "3.14.0.100010"); Deleted : user_pref("extensions.asktb.locale", "de_DE"); Deleted : user_pref("extensions.asktb.location", "Berlin,Germany"); Deleted : user_pref("extensions.asktb.notification-shown", true); Deleted : user_pref("extensions.asktb.o", "100000080"); Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Deleted : user_pref("extensions.asktb.qsrc", "2871"); Deleted : user_pref("extensions.asktb.r", "3"); Deleted : user_pref("extensions.asktb.sa", "NO"); Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true); Deleted : user_pref("extensions.asktb.silent-upgrade", true); Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Deleted : user_pref("extensions.asktb.themeid", ""); Deleted : user_pref("extensions.asktb.to", ""); Deleted : user_pref("extensions.asktb.v", "3.14.0.100013"); Deleted : user_pref("icqtoolbar.history", "Adult%E2%80%B2s%20Toy||35%24%20pc||Croixleur||Shion||Allkore%20-%20[...] 
*************************
AdwCleaner[R1].txt - [21438 octets] - [26/06/2012 18:32:27]
AdwCleaner[S1].txt - [20356 octets] - [26/06/2012 19:00:05]
########## EOF - C:\AdwCleaner[S1].txt - [20485 octets] ##########
OTL
OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.06.2012 19:02:14 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Rena\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,25 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 80,63% Memory free 14,50 Gb Paging File | 12,89 Gb Available in Paging File | 88,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 64,16 Gb Total Space | 18,09 Gb Free Space | 28,19% Space Free | Partition Type: NTFS Drive D: | 401,50 Gb Total Space | 19,10 Gb Free Space | 4,76% Space Free | Partition Type: NTFS Drive E: | 1863,01 Gb Total Space | 60,69 Gb Free Space | 3,26% Space Free | Partition Type: NTFS Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.26 18:59:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.03.11 15:02:16 | 002,080,768 | ---- | M] (Nicolas Kruse) -- C:\Program Files (x86)\Nettalk6\Nettalk.exe PRC - [2012.02.28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.24 01:48:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.19 17:20:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.30 01:19:38 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.08 12:52:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) 
[Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.11.29 14:02:06 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 35 D1 BE 06 6F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 17:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 17:20:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.09.09 17:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Extensions
[2012.06.26 10:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\cjpurgzz.default\extensions
[2012.05.30 19:37:51 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\cjpurgzz.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.06.20 09:01:56 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-1.xml
[2012.02.03 12:00:59 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-10.xml
[2012.02.12 11:27:13 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-11.xml
[2012.02.17 14:25:07 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-12.xml
[2012.03.18 14:22:40 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-13.xml
[2012.03.28 18:50:38 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-14.xml
[2011.09.28 21:24:36 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-2.xml
[2011.10.01 22:47:25 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-3.xml
[2011.11.06 20:06:32 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-4.xml
[2011.11.11 16:53:52 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-5.xml
[2011.11.29 14:03:31 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-6.xml
[2011.12.21 12:20:26 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-7.xml
[2012.01.05 15:46:47 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-8.xml
[2012.01.10 00:50:37 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin.xml
[2012.03.17 18:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.05 23:26:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJPURGZZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.19 17:20:40 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 17:20:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 17:20:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 17:20:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 17:20:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 17:20:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 17:20:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.06.25 23:40:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = C:\Program Files (x86)\Nettalk6\Nettalk.exe (Nicolas Kruse)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AA9396E-72DE-436E-9E3A-064C7F1BEC93}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.26 18:59:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
[2012.06.25 23:44:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.25 23:41:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.25 23:34:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.25 23:34:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.25 23:34:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.22 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Avira
[2012.06.22 17:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.22 17:13:37 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.22 17:13:37 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.22 17:13:37 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.22 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.22 12:11:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.22 12:11:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.22 12:09:27 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\Rena\Desktop\ComboFix.exe
[2012.06.22 11:13:03 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rena\Desktop\tdsskiller.exe
[2012.06.22 09:08:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rena\Desktop\dds.com
[2012.06.22 01:07:04 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Malwarebytes
[2012.06.22 01:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.17 23:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.06.17 23:39:23 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Pflanzen gegen Zombies German
[2012.06.14 23:03:35 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Nettalk
[2012.06.14 23:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nettalk6
[2012.06.12 11:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Local\Macromedia
[2012.06.07 11:47:41 | 030,829,617 | ---- | C] (Inquisitor ) -- C:\Users\Rena\Desktop\@Home Mate HF Patch.exe
[2012.06.07 11:40:10 | 000,000,000 | ---D | C] -- C:\illusion
[2012.06.01 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Dolphin
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Rena\*.tmp files -> C:\Users\Rena\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.26 19:06:10 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:06:10 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:05:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.26 19:05:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.26 19:05:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.26 19:05:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.26 19:05:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.26 19:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 19:01:00 | 1542,754,303 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 18:59:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
[2012.06.26 18:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.26 18:32:09 | 000,609,201 | ---- | M] () -- C:\Users\Rena\Desktop\adwcleaner.exe
[2012.06.25 23:40:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.25 23:34:29 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Rena\Desktop\ComboFix.exe
[2012.06.24 04:06:00 | 000,000,069 | ---- | M] () -- C:\Users\Rena\Desktop\listen45.pls
[2012.06.22 21:19:34 | 000,006,396 | ---- | M] () -- C:\Users\Rena\Desktop\0677.mpssvc.reg
[2012.06.22 21:19:29 | 000,229,548 | ---- | M] () -- C:\Users\Rena\Desktop\1055.BFE.reg
[2012.06.22 17:13:48 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.22 17:13:05 | 099,308,192 | ---- | M] () -- C:\Users\Rena\Desktop\avira_free_antivirus_de.exe
[2012.06.22 11:13:04 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rena\Desktop\tdsskiller.exe
[2012.06.22 09:08:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rena\Desktop\dds.com
[2012.06.17 20:21:32 | 000,001,485 | ---- | M] () -- C:\Users\Rena\.recently-used.xbel
[2012.06.14 23:03:16 | 000,000,972 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Nettalk.lnk
[2012.06.14 08:56:37 | 000,297,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 13:37:15 | 000,068,356 | ---- | M] () -- C:\Users\Rena\Desktop\Purityyy - The Quick Brown Fox - The Big Black [WHO'S AFRAID OF THE BIG BLACK] (2012-05-12) Osu.osr
[2012.06.07 11:52:19 | 000,000,910 | ---- | M] () -- C:\Users\Rena\Desktop\@Home Mate.lnk
[2012.06.07 11:48:15 | 030,829,617 | ---- | M] (Inquisitor ) -- C:\Users\Rena\Desktop\@Home Mate HF Patch.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Rena\*.tmp files -> C:\Users\Rena\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.26 18:32:08 | 000,609,201 | ---- | C] () -- C:\Users\Rena\Desktop\adwcleaner.exe
[2012.06.25 23:34:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.25 23:34:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.25 23:34:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.25 23:34:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.25 23:34:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.24 04:05:59 | 000,000,069 | ---- | C] () -- C:\Users\Rena\Desktop\listen45.pls
[2012.06.22 21:19:33 | 000,006,396 | ---- | C] () -- C:\Users\Rena\Desktop\0677.mpssvc.reg
[2012.06.22 21:19:24 | 000,229,548 | ---- | C] () -- C:\Users\Rena\Desktop\1055.BFE.reg
[2012.06.22 17:13:48 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.22 17:08:05 | 099,308,192 | ---- | C] () -- C:\Users\Rena\Desktop\avira_free_antivirus_de.exe
[2012.06.17 23:59:48 | 003,362,816 | ---- | C] () -- C:\Users\Rena\Documents\PflanzenGegenZombies_og.exe.bak
[2012.06.17 20:21:32 | 000,001,485 | ---- | C] () -- C:\Users\Rena\.recently-used.xbel
[2012.06.14 23:03:16 | 000,000,972 | ---- | C] () -- C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Nettalk.lnk
[2012.06.12 13:37:14 | 000,068,356 | ---- | C] () -- C:\Users\Rena\Desktop\Purityyy - The Quick Brown Fox - The Big Black [WHO'S AFRAID OF THE BIG BLACK] (2012-05-12) Osu.osr
[2012.06.07 11:52:19 | 000,000,910 | ---- | C] () -- C:\Users\Rena\Desktop\@Home Mate.lnk
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 21:55:28 | 000,001,786 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.18 21:40:43 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2012.01.18 21:40:09 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2012.01.18 21:40:09 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2012.01.11 13:49:21 | 000,002,048 | -HS- | C] () -- C:\Users\Rena\AppData\Local\{35f92f7d-582a-ee8b-976b-730f9f4e24be}\@
[2011.11.16 01:11:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.07 00:06:24 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 17:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.09 17:39:28 | 000,000,017 | ---- | C] () -- C:\Users\Rena\AppData\Local\resmon.resmoncfg

========== LOP Check ==========

[2012.05.22 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\.minecraft
[2012.03.12 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\BadApple!!
[2012.05.10 16:32:52 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Beat Hazard
[2012.06.13 00:44:07 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\BitTorrent
[2012.02.23 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\DAEMON Tools Lite
[2011.09.26 20:19:00 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\DAEMON Tools Pro
[2012.04.21 23:30:20 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\FileZilla
[2012.06.26 18:57:23 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\ICQ
[2011.09.14 20:40:45 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Image-Line
[2012.05.16 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\IrfanView
[2012.03.11 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\mkvtoolnix
[2011.10.31 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Need for Speed World
[2012.06.26 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Nettalk
[2012.03.20 12:57:29 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\RenPy
[2012.01.24 00:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\ScummVM
[2011.11.18 22:29:04 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\TeamViewer
[2012.04.23 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\TS3Client
[2012.04.09 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\XMedia Recode
[2012.06.11 11:00:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras OTL Logfile:
Code:
OTL Extras logfile created on: 26.06.2012 19:02:14 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Rena\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,25 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 80,63% Memory free
14,50 Gb Paging File | 12,89 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 64,16 Gb Total Space | 18,09 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
Drive D: | 401,50 Gb Total Space | 19,10 Gb Free Space | 4,76% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 60,69 Gb Free Space | 3,26% Space Free | Partition Type: NTFS

Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2B8F74F1-48DE-4D1E-80B1-4700C9AF4CC7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1484E02-6D76-4A68-B8F0-023B6893FF67}" = protocol=58 | dir=in | app=system |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{C9CFAD8F-5388-4414-87C4-18908735E565}C:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "UDP Query User{BC270A5B-4831-4433-A566-030746CE8A66}C:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Pen Tablet Driver" = Bamboo "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR 
4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2510CF9A-3D92-4D1E-9124-080F53F4E293}" = ILLUSION @ふぉーむメイト "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit 
FrontPage "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{BA45D6C9-AC93-288B-DC4C-D65A01A2ED02}" = Application Profiles "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater "7-Zip" = 
7-Zip 9.20 "AC3Filter_is1" = AC3Filter 1.63b "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface Service "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira Free Antivirus "Beat Hazard v1.5" = Beat Hazard v1.5 "BitTorrent" = BitTorrent "CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only) "DAEMON Tools Lite" = DAEMON Tools Lite "FileZilla Client" = FileZilla Client 3.5.3 "FL Studio 10" = FL Studio 10 "HaaliMkx" = Haali Media Splitter "IL Download Manager" = IL Download Manager "IrfanView" = IrfanView (remove only) "Katawa Shoujo Act 1" = Katawa Shoujo Act 1 "LogMeIn Hamachi" = LogMeIn Hamachi "MKVToolNix" = MKVToolNix 5.4.0 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nettalk_is1" = Nettalk 6.7 "OpenAL" = OpenAL "RPG Maker VX RTP_is1" = RPG Maker VX RTP "RPG Maker VX_is1" = RPG Maker VX "RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts) "SMPlayer" = SMPlayer 0.6.9 "The KMPlayer" = The KMPlayer (remove only) "VLC media player" = VLC media player 2.0.1 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "XMedia Recode" = XMedia Recode 3.0.9.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.06.2012 08:00:19 | Computer Name = Rena-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 
Fehleroffset: 0x000ccb60 ID des fehlerhaften Prozesses: 0xa2c Startzeit der fehlerhaften Anwendung: 0x01cd4e12cb0bf5a2 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 56743c10-ba06-11e1-bd86-90e6ba80e627 Error - 20.06.2012 03:36:38 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.06.2012 19:50:51 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 21.06.2012 19:18:11 | Computer Name = Rena-PC | Source = Application Hang | ID = 1002 Description = Programm mbam.exe, Version 1.60.0.80 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dd0 Startzeit: 01cd5002929282cc Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: 5b8a8f5e-bbf7-11e1-a7d0-90e6ba80e627 Error - 22.06.2012 03:57:42 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 22.06.2012 10:40:15 | Computer Name = Rena-PC | Source = Application Hang | ID = 1002 Description = Programm avcenter.exe, Version 12.3.0.15 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 838 Startzeit: 01cd5084c450ec77 Endzeit: 19141 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe Berichts-ID: 210728ab-bc78-11e1-9337-90e6ba80e627 Error - 23.06.2012 13:36:51 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 23.06.2012 18:31:07 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 25.06.2012 09:45:35 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 25.06.2012 19:26:23 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. 
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ System Events ] Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25.06.2012 17:33:57 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error - 25.06.2012 17:34:44 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error - 25.06.2012 17:37:34 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 25.06.2012 17:39:12 | Computer Name = Rena-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 25.06.2012 17:40:05 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 25.06.2012 17:40:59 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%126 Error - 26.06.2012 12:29:37 | Computer Name = Rena-PC | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > |
26.06.2012, 20:01 | #27 |
/// Selecta Jahrusso | Yes, because the Webguard is bundled with the ASK Toolbar. You don't want that toolbar on your system. Trust me; it is also the reason why we no longer recommend Avira.
Scan with SystemLook
Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.
SystemLook
26.06.2012, 22:15 | #28 |
| Is there any other free antivirus program that you recommend? Or a good one that isn't too expensive? =)
SystemLook 30.07.11 by jpshortstuff
Log created at 23:13 on 26/06/2012 by Rena
Administrator - Elevation successful
========== regfind ==========
Searching for "{35f92f7d-582a-ee8b-976b-730f9f4e24be}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"="C:\Windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}"
[HKEY_USERS\S-1-5-21-1497996645-2277315608-401803657-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"="C:\Windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}"
-= EOF =- |
27.06.2012, 14:50 | #29 |
/// Selecta Jahrusso | Hi, I need to quickly check on something. I'll get back to you as soon as possible.
27.06.2012, 15:00 | #30 |
| But this checking doesn't have anything to do with me, does it? ...... OK, I'll wait XD |