| |
| |||||||
Log-Analyse und Auswertung: Avira findet versteckte Datei und immer wieder Trojaner TR/Rogue.kdv.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.06.2012, 16:52
| #1 |
 |  Avira findet versteckte Datei und immer wieder Trojaner TR/Rogue.kdv. Hallo, Avira findet immer wieder 1 bis 2 versteckte Objekte wie folgt: Versteckter Treiber [HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte. zudem findet Avira immer wieder neue Trojaner wie diesen: Beginne mit der Suche in 'C:\Users\Kicky\AppData\Roaming\AcroIEHelpe148.dll' C:\Users\Kicky\AppData\Roaming\AcroIEHelpe148.dll [FUND] Ist das Trojanische Pferd TR/Rogue.kdv.657604 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54c92941.qua' verschoben! Habe Malwarebytes Anti-Malware scannen lassen: Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.25.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kicky :: KICKY-PC [Administrator] Schutz: Aktiviert 25.06.2012 13:39:02 mbam-log-2012-06-25 (13-39-02).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 374535 Laufzeit: 1 Stunde(n), 19 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Kicky\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\$Recycle.Bin\S-1-5-21-3390966134-1382135305-2836735314-1000\$R8EER90.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\nsldap32v60.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\nsldappr32v60.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\nsldif32v60.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Kicky\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart. (Ende) Danach wurde neugestartet und Avira erneut gestartet: Avira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 25. Juni 2012 15:22 Es wird nach 3868291 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Professional Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Kicky Computername : KICKY-PC Versionsinformationen: BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00 AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48 AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50 LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36 AVREG.DLL : 12.3.0.17 232200 Bytes 23.06.2012 14:28:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53 VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 14:28:36 VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 14:28:36 VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 14:28:36 VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 14:28:36 VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 14:28:36 VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 14:28:36 VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 14:28:36 VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 14:28:36 VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 14:28:36 VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 14:28:37 VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 14:28:37 VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 14:28:38 VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 14:28:38 VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 14:28:39 VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 14:28:39 VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 14:28:40 VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 14:28:40 VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 14:28:40 VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 14:28:41 VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 14:28:41 VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 14:28:42 VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 14:28:42 VBASE027.VDF : 7.11.33.83 159232 Bytes 18.06.2012 14:28:42 VBASE028.VDF : 7.11.33.195 200192 Bytes 22.06.2012 14:28:43 VBASE029.VDF : 7.11.33.196 2048 Bytes 22.06.2012 14:28:43 VBASE030.VDF : 7.11.33.197 2048 Bytes 22.06.2012 14:28:43 VBASE031.VDF : 7.11.33.234 84480 Bytes 25.06.2012 11:24:50 Engineversion : 8.2.10.96 AEVDF.DLL : 8.1.2.8 106867 Bytes 23.06.2012 14:28:51 AESCRIPT.DLL : 8.1.4.28 455035 Bytes 23.06.2012 14:28:51 AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36 AESBX.DLL : 8.2.5.12 606578 Bytes 23.06.2012 14:28:52 AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32 AEPACK.DLL : 8.2.16.22 807288 Bytes 23.06.2012 14:28:51 AEOFFICE.DLL : 8.1.2.38 201083 Bytes 23.06.2012 14:28:49 AEHEUR.DLL : 8.1.4.52 4923767 Bytes 23.06.2012 14:28:49 AEHELP.DLL : 8.1.21.0 254326 Bytes 23.06.2012 14:28:45 AEGEN.DLL : 8.1.5.30 422261 Bytes 23.06.2012 14:28:44 AEEXP.DLL : 8.1.0.54 82293 Bytes 23.06.2012 14:28:52 AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29 AECORE.DLL : 8.1.25.10 201080 Bytes 23.06.2012 14:28:44 AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28 AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21 AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31 AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35 AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49 SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02 AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35 NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29 RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51 RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Festplatten Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Montag, 25. Juni 2012 15:22 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RunDll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winampa.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mini_WMCore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PsiService_2.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: C:\Windows\Sysnative\drivers\sptd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Die Registry wurde durchsucht ( '1734' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\alter rechner\Music\hörbuch\***\JAd-OlS.part1.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Music\hörbuch\***\JAd-OlS.part2.rar [WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen. C:\alter rechner\Music\hörbuch\***\JAd-OlS.part3.rar [WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen. C:\alter rechner\Music\hörbuch\***\JAd-OlS.part4.rar [WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen. C:\alter rechner\Music\hörbuch\***\JKDR.part1.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Music\hörbuch\***\JKDR.part2.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Music\hörbuch\***\JKDR.part3.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Music\hörbuch\***\JKDR.part4.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S1.CAB [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S2.CAB [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S3.CAB [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S4.CAB [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IE_S1.CAB [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IE_S2.CAB [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IE_S3.CAB [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) C:\Users\Kicky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CWRXVDZ\theme[1].zip [WARNUNG] Unerwartetes Dateiende erreicht Ende des Suchlaufs: Montag, 25. Juni 2012 16:34 Benötigte Zeit: 1:11:38 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 34731 Verzeichnisse wurden überprüft 835513 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 835512 Dateien ohne Befall 19618 Archive wurden durchsucht 17 Warnungen 0 Hinweise Als nächstes habe ich defogger benutzt: defogger_disable by jpshortstuff (23.02.10.1) Log created at 17:11 on 25/06/2012 (Kicky) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- Neustart wurde durchgeführt, danach hab ich habe ich Schritt 2 der Anleitung für Hilfesuchende befolgt: OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.06.2012 17:57:00 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Kicky\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 67,58% Memory free 7,60 Gb Paging File | 5,96 Gb Available in Paging File | 78,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 223,56 Gb Total Space | 93,11 Gb Free Space | 41,65% Space Free | Partition Type: NTFS Computer Name: KICKY-PC | User Name: Kicky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.25 17:55:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe PRC - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 15:42:54 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll MOD - [2012.06.14 12:27:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 12:27:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.15 08:39:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012.05.15 08:37:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.15 08:37:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.15 08:36:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.15 08:36:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.15 08:36:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.15 08:36:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.08.25 13:49:58 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.07.22 03:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2010.07.19 19:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2010.07.19 18:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2010.06.29 16:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent) SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2010.01.10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService) SRV - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.06.21 11:55:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2012.06.21 11:55:00 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2012.06.21 11:55:00 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2012.06.21 11:55:00 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2012.06.21 11:55:00 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 18:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.05.26 10:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.01 22:18:40 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2010.12.01 19:09:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.15 08:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.03 10:40:24 | 000,104,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp) DRV:64bit: - [2010.07.22 03:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.07.14 05:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010.01.18 08:56:26 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.01.18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt) DRV:64bit: - [2009.12.03 17:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 7E CF 19 4A 51 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\InprocServer32 File not found IE - HKCU\..\SearchScopes,DefaultScope = {0552F62B-0DC6-4AFC-9C33-005511CA711E} IE - HKCU\..\SearchScopes\{0552F62B-0DC6-4AFC-9C33-005511CA711E}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php" FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 16:36:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\components [2011.07.01 11:57:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\plugins [2012.06.23 18:08:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Kicky\AppData\Roaming\13001.011 [2012.06.25 15:03:48 | 000,000,000 | ---D | M] [2011.02.01 12:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions [2010.12.11 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.24 23:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions [2011.07.19 14:24:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.24 23:07:42 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.06.23 16:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.06.25 15:03:48 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KICKY\APPDATA\ROAMING\13001.011 [2012.02.15 10:39:30 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\KICKY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U80GHFRW.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start File not found O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0CC7E1D-6F22-44C9-8D54-C27011D13830}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\FDInfo\command - "" = write DOCS\INFO.TXT O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\Installdoc\command - "" = write DOCS\INSTALL3.TXT O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\InstReadme\command - "" = write DOCS\README.TXT O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.25 17:55:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL.exe [2012.06.25 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.011 [2012.06.25 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Malwarebytes [2012.06.25 13:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.25 13:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.25 13:37:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.25 13:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.24 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012.06.24 23:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.06.24 23:09:26 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\QuickScan [2012.06.24 23:07:53 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.009 [2012.06.23 21:49:11 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.008 [2012.06.23 18:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.06.23 16:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.06.23 16:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.06.23 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Avira [2012.06.23 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.23 16:28:11 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.06.23 16:28:10 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.06.23 16:28:10 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.06.23 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12001.023 [2012.06.23 15:23:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe [2012.06.23 15:17:43 | 000,000,000 | ---D | C] -- C:\79d2d89de1bf34f42e21 [2012.06.23 15:16:21 | 000,000,000 | ---D | C] -- C:\12ae3b4214f3964fe27868 [2012.06.22 09:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB [2012.06.22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Local\PC_Drivers_Headquarters [2012.06.22 09:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective [2012.06.22 09:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters [2012.06.21 11:40:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12022 [2012.06.15 10:33:00 | 000,000,000 | ---D | C] -- C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF} [2012.06.14 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12016 [2012.06.13 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12015 [2012.06.12 15:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12014 [2012.06.12 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\xmldm [2012.06.12 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\kock [2012.05.28 21:15:21 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\dvdcss [2012.05.28 09:57:18 | 000,000,000 | ---D | C] -- C:\Users\Kicky\Desktop\Filme [2011.07.01 11:57:06 | 015,141,040 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll [2011.07.01 11:57:06 | 000,399,536 | ---- | C] (Mozilla Messaging) -- C:\Program Files (x86)\thunderbird.exe [2011.07.01 11:57:06 | 000,016,048 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe [2011.07.01 11:57:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_42.dll [2011.07.01 11:57:05 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_42.dll [2011.07.01 11:57:05 | 000,514,224 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll [2011.07.01 11:57:05 | 000,469,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll [2011.07.01 11:57:05 | 000,268,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll [2011.07.01 11:57:05 | 000,125,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe [2011.07.01 11:57:05 | 000,092,336 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll [2011.07.01 11:57:05 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll [2011.07.01 11:57:05 | 000,015,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll [2010.12.11 11:56:09 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32_InUse.dll [2010.12.11 11:56:09 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy_InUse.dll [2010.12.11 11:56:07 | 000,719,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcpp19.dll [2010.12.11 11:56:07 | 000,714,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcrt19.dll [2010.12.11 11:56:07 | 000,645,296 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll [2010.12.11 11:56:07 | 000,342,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll [2010.12.11 11:56:07 | 000,174,256 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll [2010.12.11 11:56:07 | 000,166,064 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll [2010.12.11 11:56:07 | 000,141,488 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll [2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll [2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll [2010.12.11 11:56:07 | 000,088,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll [2010.12.11 11:56:07 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32.dll [2010.12.11 11:56:07 | 000,021,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll [2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll [2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\WSEnable.exe [2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy.dll [2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.25 17:55:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL.exe [2012.06.25 17:19:48 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 17:19:48 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 17:16:32 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.25 17:16:32 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.25 17:16:32 | 000,618,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.25 17:16:32 | 000,131,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.25 17:16:32 | 000,107,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.25 17:12:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.25 17:11:58 | 3062,247,424 | -HS- | M] () -- C:\hiberfil.sys [2012.06.25 17:11:01 | 000,000,020 | ---- | M] () -- C:\Users\Kicky\defogger_reenable [2012.06.25 17:09:19 | 000,050,477 | ---- | M] () -- C:\Users\Kicky\Desktop\Defogger.exe [2012.06.25 15:03:43 | 000,000,032 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res [2012.06.24 23:49:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.06.24 23:49:07 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.23 15:45:46 | 000,010,337 | ---- | M] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json [2012.06.23 15:23:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe [2012.06.23 15:10:34 | 002,077,422 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.06.22 09:18:01 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk [2012.06.22 09:09:52 | 000,376,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.21 15:19:54 | 000,000,013 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat [2012.06.21 12:00:30 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.25 17:11:01 | 000,000,020 | ---- | C] () -- C:\Users\Kicky\defogger_reenable [2012.06.25 17:09:18 | 000,050,477 | ---- | C] () -- C:\Users\Kicky\Desktop\Defogger.exe [2012.06.24 23:49:26 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.06.24 23:49:15 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.06.24 23:49:07 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.23 18:08:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.06.23 16:36:34 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.23 15:45:46 | 000,010,337 | ---- | C] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json [2012.06.22 10:25:58 | 000,000,032 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res [2012.06.22 09:18:01 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk [2012.06.21 15:19:54 | 000,000,013 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat [2012.03.06 19:21:36 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll [2011.08.09 18:22:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.08.09 18:22:09 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.08.09 18:22:09 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.08.09 18:22:09 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011.07.01 11:57:06 | 000,017,900 | ---- | C] () -- C:\Program Files (x86)\removed-files [2011.07.01 11:57:06 | 000,001,664 | ---- | C] () -- C:\Program Files (x86)\precomplete [2011.07.01 11:57:05 | 005,859,911 | ---- | C] () -- C:\Program Files (x86)\omni.jar [2011.07.01 11:57:05 | 000,004,276 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini [2011.07.01 11:57:05 | 000,003,518 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml [2011.07.01 11:57:05 | 000,002,056 | ---- | C] () -- C:\Program Files (x86)\application.ini [2011.07.01 11:57:05 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk [2011.06.27 18:22:43 | 000,000,025 | ---- | C] () -- C:\Windows\CDED68PE.ini [2010.12.11 11:56:09 | 000,000,709 | ---- | C] () -- C:\Program Files (x86)\updater.ini [2010.12.11 11:56:09 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale [2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk [2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk [2010.12.11 11:56:07 | 000,000,139 | ---- | C] () -- C:\Program Files (x86)\platform.ini [2010.12.11 11:35:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.01 20:15:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0828.old [2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.11.29 23:42:52 | 000,001,734 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== LOP Check ========== [2012.06.23 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12001.023 [2012.06.12 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12014 [2012.06.13 11:29:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12015 [2012.06.14 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12016 [2012.06.21 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12022 [2012.06.23 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.008 [2012.06.24 23:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.009 [2012.06.25 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.011 [2011.12.22 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Canneverbe Limited [2012.03.08 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DAEMON Tools Lite [2011.09.13 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoft [2011.07.19 14:24:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.03 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\EndNote [2011.02.02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\GHISLER [2011.03.29 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\gnupg [2012.06.12 15:17:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\kock [2011.02.02 11:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Local [2011.12.22 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\OpenCandy [2010.11.29 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Opera [2011.04.02 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\PlayFirst [2012.06.24 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\QuickScan [2010.12.11 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Thunderbird [2010.11.29 23:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\WirelessManager [2012.06.21 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\xmldm [2012.03.11 21:32:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6 < End of report > Extra.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.06.2012 17:57:00 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Kicky\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 67,58% Memory free
7,60 Gb Paging File | 5,96 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,56 Gb Total Space | 93,11 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
Computer Name: KICKY-PC | User Name: Kicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4CD5FA09-ED7A-413C-9CC3-2516C3B17C7B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B1022CEB-3683-4532-8891-356EB4AF8BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{45867D65-4937-40F2-BFBF-D7A66457ECEF}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{5786245E-48DB-4DFF-8D54-264D4CDF48FB}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{5CE56AB5-DBC9-4CB7-9574-15B191B2C2C1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{0572BAA0-054B-4410-BF90-C6E8332A3BA2}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{848318AE-8639-4905-AB2D-8FACE13CFCFA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{E3D931D1-315B-448E-87EB-3FDEAA187A19}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi-Software
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{0637819B-C154-4AAE-B4E4-07B89860C20E}" = Dell Backup and Recovery Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{94FA9FA6-5294-494D-A8F1-1E654CBB5736}" = Epson Easy Photo Print 2
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"7-Zip" = 7-Zip 9.20
"Avira AntiVir Desktop" = Avira Free Antivirus
"Browser Defender_is1" = Browser Defender 3.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.06.2012 03:53:17 | Computer Name = Kicky-PC | Source = MsiInstaller | ID = 11730
Description =
Error - 23.06.2012 10:11:32 | Computer Name = Kicky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cea18 ID des fehlerhaften
Prozesses: 0xc70 Startzeit der fehlerhaften Anwendung: 0x01cd514a1280849a Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 54dcc505-bd3d-11e1-a046-835c36c60e72
Error - 23.06.2012 12:40:49 | Computer Name = Kicky-PC | Source = VSS | ID = 12310
Description =
Error - 23.06.2012 12:40:50 | Computer Name = Kicky-PC | Source = VSS | ID = 12298
Description =
Error - 24.06.2012 16:18:12 | Computer Name = Kicky-PC | Source = Windows Backup | ID = 4103
Description =
Error - 24.06.2012 17:24:00 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 24.06.2012 17:24:05 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 24.06.2012 17:25:31 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 24.06.2012 17:25:36 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 24.06.2012 17:26:16 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
[ System Events ]
Error - 22.06.2012 04:13:27 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 2 Mal passiert.
Error - 22.06.2012 04:19:13 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 3 Mal passiert.
Error - 22.06.2012 04:25:00 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 4 Mal passiert.
Error - 22.06.2012 04:30:46 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 5 Mal passiert.
Error - 23.06.2012 09:06:24 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "PC Tools Security Service" wurde nicht richtig gestartet.
Error - 23.06.2012 09:11:35 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 23.06.2012 09:59:13 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243
Error - 23.06.2012 10:05:00 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "PC Tools Security Service" wurde nicht richtig gestartet.
Error - 23.06.2012 10:07:19 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 23.06.2012 15:49:34 | Computer Name = Kicky-PC | Source = DCOM | ID = 10010
Description =
< End of report >
und jetzt weiß ich nicht wie ich weiter vorgehen soll? Muss/kann ich den defogger wieder aktivieren? Ist der fertig? Lieben Dank im Voraus! Schöne Grüße Kickme Geändert von Kickme (25.06.2012 um 17:30 Uhr) |
| Themen zu Avira findet versteckte Datei und immer wieder Trojaner TR/Rogue.kdv. |
| .dll, 7-zip, administrator, alternate, autostart, avg, avira, dateien, dateisystem, desktop, explorer, festplatte, firefox 13.0.1, free, gelöscht, heuristiks/extra, heuristiks/shuriken, install.exe, langs, löschen, malwarebytes, microsoft, msiinstaller, namen, neue, nt.dll, plug-in, programm, recycle.bin, registry, required, richtlinie, rundll, rundll32.exe, scan, searchscopes, software, spyware.onlinegames, suche, total commander, trojaner, verweise, visual studio, warnung |
Baum-Darstellung