Pests of all kinds and how to combat them: Bundespolizei trojan: payment of €100 via UCash is demanded (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Bundespolizei trojan: payment of €100 via UCash is demanded

Hello, while surfing via the Bild newspaper I picked up a trojan that has paralysed my entire PC (opening Task Manager is not possible). In safe mode I can use the PC completely normally and also go online. Maybe someone can help me evaluate the files (Malwarebyte, OTL-Txt, Extra-Txt). Hopefully I haven't done anything wrong so far. I did not delete the infected objects found by Malwarebyte, but I could not put them into quarantine either (maybe that is due to the trial version; should I buy the full version?).

Here is the Malwarebyte log file:

```
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
PB :: PB-PACKARDBELL [Administrator]

Schutz: Deaktiviert

11.07.2012 15:16:45
mbam-log-2012-07-11 (15-24-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244352
Laufzeit: 5 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\PB\Downloads\SetupPoker_99d61d_de.exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Users\PB\Downloads\SoftonicDownloader_fuer_dziobas-rar-player.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\PB\Downloads\SoftonicDownloader_fuer_super.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\PB\Downloads\WinnerPSetup_a59ade.exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Users\PB\Downloads\XvidSetup.exe (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Keine Aktion durchgeführt.
C:\Users\PB\0.4398546023723633.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

(Ende)
```

Now the OTL file:

OTL logfile created on: 11.07.2012 14:54:36 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\PB\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,83% Memory free 7,99 Gb Paging File | 6,69 Gb Available in Paging File | 83,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,66 Gb Total Space | 171,77 Gb Free Space | 38,03% Space Free | Partition Type: NTFS Computer Name: PB-PACKARDBELL | User Name: PB | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.11 14:42:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\PB\Desktop\OTL.exe PRC - [2012.06.17 17:54:21 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2012.06.17 17:54:21 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.03.29 02:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.06.23 23:18:03 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.17 17:54:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.14 17:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2010.09.14 09:35:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.17 10:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.10.10 04:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 02:36:12 | 000,848,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.07 17:54:27 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.10.07 17:54:26 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.03.29 02:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.03.29 01:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.20 20:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.02.08 15:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.12.02 09:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.08.23 11:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV - [2012.03.03 23:37:55 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sckupjs.sys -- (cjuzyvti) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm81&r=27360910g645l0474z195f4522d295 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm81&r=27360910g645l0474z195f4522d295 IE - HKLM\..\URLSearchHook: {667f86f1-c684-4aba-97a5-be7d02ea5156} - C:\Program Files (x86)\P2P_MAX_DE_Atube\tbP2P_.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2189224 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com IE - HKCU\..\URLSearchHook: {667f86f1-c684-4aba-97a5-be7d02ea5156} - C:\Program Files (x86)\P2P_MAX_DE_Atube\tbP2P_.dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_de___DE397 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2189224 IE - HKCU\..\SearchScopes\{BE06948F-6532-4334-88D5-D91D3BDDCCAE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=edf893e9-7f34-4b19-9243-b1fc26b2f504&apn_sauid=D211F248-31AF-45DC-A862-915A07C24344 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: " " FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0 FF - prefs.js..extensions.enabledItems: 
{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jl@leimbach-it.de:2.5 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "Google" FF - user.js..browser.search.order.1: "Google" FF - user.js..browser.search.defaultenginename: "Google" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: 
C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.06 08:36:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 09:06:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 17:54:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 22:24:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.23 16:30:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.09.15 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PB\AppData\Roaming\mozilla\Extensions [2010.09.15 23:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PB\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.11 14:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions [2012.07.07 19:52:28 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2011.06.12 
15:09:03 | 000,000,000 | ---D | M] (P2P MAX DE Atube Toolbar) -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions\{667f86f1-c684-4aba-97a5-be7d02ea5156} [2012.07.04 10:36:49 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.26 19:55:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.10 11:25:59 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2012.05.23 07:49:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.05.07 13:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions\nostmp [2012.07.11 14:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions\staged [2012.03.25 15:54:23 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\PB\AppData\Roaming\mozilla\Firefox\Profiles\w8ok2i52.default\extensions\video.downloader.plugin@ffpimp.com [2011.03.23 13:12:50 | 000,000,861 | ---- | M] () -- C:\Users\PB\AppData\Roaming\Mozilla\Firefox\Profiles\w8ok2i52.default\searchplugins\conduit.xml [2012.03.06 03:48:16 | 000,002,420 | ---- | M] () -- C:\Users\PB\AppData\Roaming\Mozilla\Firefox\Profiles\w8ok2i52.default\searchplugins\s-amazon-byskipity-de.xml [2012.01.16 19:29:13 | 000,002,135 | ---- | M] () -- C:\Users\PB\AppData\Roaming\Mozilla\Firefox\Profiles\w8ok2i52.default\searchplugins\s-amazon-de.xml [2012.03.08 22:50:16 | 000,002,710 | ---- | M] () -- 
C:\Users\PB\AppData\Roaming\Mozilla\Firefox\Profiles\w8ok2i52.default\searchplugins\skipity-search.xml [2012.03.25 15:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.04 10:36:49 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\PB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8OK2I52.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2011.11.09 21:52:50 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\PB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8OK2I52.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI [2011.12.29 21:17:59 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\PB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8OK2I52.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI [2012.06.17 17:54:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.10 18:41:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.01.25 11:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.06.17 17:54:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.17 17:54:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.17 17:54:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.17 17:54:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.17 17:54:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 17:54:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.06 09:10:44 | 000,000,027 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (P2P MAX DE Atube Toolbar) - {667f86f1-c684-4aba-97a5-be7d02ea5156} - C:\Program Files (x86)\P2P_MAX_DE_Atube\tbP2P_.dll (Conduit Ltd.) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (P2P MAX DE Atube Toolbar) - {667f86f1-c684-4aba-97a5-be7d02ea5156} - C:\Program Files (x86)\P2P_MAX_DE_Atube\tbP2P_.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\PB\AppData\Roaming\Mozilla\Firefox\Profiles\w8ok2i52.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll File not found O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\PB\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (P2P MAX DE Atube Toolbar) - {667F86F1-C684-4ABA-97A5-BE7D02EA5156} - C:\Program Files (x86)\P2P_MAX_DE_Atube\tbP2P_.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\PB\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [kuatokbvekuaeks] C:\ProgramData\kuatokbv.exe () O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [kuatokbvekuaeks] C:\ProgramData\kuatokbv.exe () O4 - HKCU..\Run: [Software Informer] C:\Program Files (x86)\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\PB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files 
(x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\PB\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\PB\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11049985-5FE6-435C-AE9B-99269A8FB901}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6EE78D2-E667-43E0-BE55-E7CB0BC71BA6}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.11 14:41:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\PB\Desktop\OTL.exe [2012.07.11 14:33:56 | 000,000,000 | ---D | C] -- C:\Users\PB\AppData\Roaming\Malwarebytes [2012.07.11 14:33:52 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.11 14:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.11 14:33:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.11 14:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.11 13:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\rbwbyokazfnhkls [2012.07.07 20:10:29 | 000,000,000 | ---D | C] -- C:\Users\PB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam [2012.07.07 20:10:21 | 000,000,000 | ---D | C] -- C:\Users\PB\AppData\Local\Wajam [2012.07.07 20:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam [2012.07.06 08:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.06.27 17:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.06.27 17:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.11 14:53:31 | 000,000,000 | ---- | M] () -- C:\Users\PB\defogger_reenable [2012.07.11 14:42:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\PB\Desktop\OTL.exe [2012.07.11 14:41:11 | 000,050,477 | ---- | M] () -- C:\Users\PB\Desktop\Defogger.exe [2012.07.11 14:33:53 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.11 14:21:29 | 001,503,658 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.11 14:21:29 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.11 14:21:29 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.11 14:21:29 | 000,134,758 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat 
[2012.07.11 14:21:29 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.11 14:17:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.11 14:17:00 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys [2012.07.11 14:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.11 13:49:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.11 13:45:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 13:45:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.11 13:38:26 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.11 13:32:38 | 000,000,051 | ---- | M] () -- C:\ProgramData\xramzsdrhpdqwvg [2012.07.11 13:32:33 | 000,065,536 | ---- | M] () -- C:\ProgramData\kuatokbv.exe [2012.07.11 13:32:33 | 000,065,536 | ---- | M] () -- C:\Users\PB\0.4398546023723633.exe [2012.07.11 09:46:05 | 101,353,010 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.07.11 03:21:23 | 000,368,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.08 18:02:16 | 000,237,525 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012.07.07 20:10:27 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2012.07.07 19:27:51 | 000,000,201 | ---- | M] () -- C:\Windows\SysWow64\~.inf [2012.07.06 08:36:50 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012.07.03 21:32:34 | 000,007,483 | ---- | M] () -- C:\Users\PB\Desktop\Musikliste.ods [2012.06.12 19:13:03 | 000,015,933 | ---- | M] () -- C:\Users\PB\Desktop\Lebensversicherung_Rentenversicherung.ods [2012.06.12 19:12:21 | 000,043,641 | ---- | M] () -- C:\Users\PB\Desktop\Lebensversicherung_Rentenversicherung.pdf [2012.06.12 19:11:52 | 000,015,698 | ---- | 
M] () -- C:\Users\PB\Desktop\Lebensversicherung.ods [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.11 14:53:31 | 000,000,000 | ---- | C] () -- C:\Users\PB\defogger_reenable [2012.07.11 14:41:11 | 000,050,477 | ---- | C] () -- C:\Users\PB\Desktop\Defogger.exe [2012.07.11 14:33:53 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.11 13:32:38 | 000,065,536 | ---- | C] () -- C:\ProgramData\kuatokbv.exe [2012.07.11 13:32:33 | 000,000,051 | ---- | C] () -- C:\ProgramData\xramzsdrhpdqwvg [2012.07.11 13:32:32 | 000,065,536 | ---- | C] () -- C:\Users\PB\0.4398546023723633.exe [2012.07.07 20:10:27 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2012.07.03 21:32:32 | 000,007,483 | ---- | C] () -- C:\Users\PB\Desktop\Musikliste.ods [2012.06.12 19:13:01 | 000,015,933 | ---- | C] () -- C:\Users\PB\Desktop\Lebensversicherung_Rentenversicherung.ods [2012.06.12 19:12:19 | 000,043,641 | ---- | C] () -- C:\Users\PB\Desktop\Lebensversicherung_Rentenversicherung.pdf [2012.03.03 23:37:55 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\sckupjs.sys [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.08.04 22:11:57 | 000,000,000 | ---- | C] () -- C:\Users\PB\AppData\Local\{FF93BF4F-616C-4DBC-9363-43AF5A3E450F} [2011.07.05 20:18:25 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.07.05 20:15:43 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.02.26 17:00:07 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.02.26 17:00:06 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.09.26 21:50:26 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2010.09.15 21:07:43 | 000,000,000 | ---- | C] () -- 
C:\Windows\nsreg.dat [2010.09.14 09:01:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.06.01 19:44:28 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\AVG2012 [2012.01.15 19:42:03 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\BOM [2010.09.15 20:54:48 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\CheckPoint [2010.09.18 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.31 15:11:15 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\elsterformular [2010.10.21 19:05:44 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\FireShot [2011.04.21 20:58:38 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\Free Download Manager [2011.06.23 19:31:55 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\GrabPro [2011.06.18 23:26:48 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\Gutscheinmieze [2010.09.19 22:24:56 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\Need for Speed World [2010.10.03 19:37:15 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\OpenOffice.org [2011.06.23 19:46:13 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\Orbit [2011.06.19 13:28:04 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\ProgSense [2011.08.15 12:41:10 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\SNS [2012.07.11 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\Software Informer [2012.01.06 15:48:13 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\TeamViewer [2010.09.15 23:32:50 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\Thunderbird [2010.10.07 19:39:01 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\Ubisoft [2010.09.28 23:58:38 | 000,000,000 | ---D | M] -- C:\Users\PB\AppData\Roaming\WildTangent [2011.09.29 19:32:23 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

And finally, the Extra file:

OTL Extras logfile created on: 11.07.2012 14:54:36 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\PB\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,83% Memory free 7,99 Gb Paging File | 6,69 Gb Available in Paging File | 83,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,66 Gb Total Space | 171,77 Gb Free Space | 38,03% Space Free | Partition Type: NTFS Computer Name: PB-PACKARDBELL | User Name: PB | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12625383-81C7-40C1-9CFF-AE2ECC84CB63}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2145EDF7-FE9F-4643-9115-467C9A63CC88}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{23BC75A5-793E-4584-B7E9-439C710040B0}" 
= lport=138 | protocol=17 | dir=in | app=system | "{49DF84F0-0D85-41A4-AFA8-39764CF995AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4AA040AA-EF91-46EB-8E33-FCA271A6FA51}" = lport=2869 | protocol=6 | dir=in | app=system | "{4C7A75D9-E3FD-41CF-A484-DFBC9F9AC143}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5109D290-5812-44EB-A569-B8BCCFE121E0}" = lport=445 | protocol=6 | dir=in | app=system | "{52833209-CCCD-4B3F-9755-EC9C9A49B3B1}" = rport=137 | protocol=17 | dir=out | app=system | "{5C0FC586-CC0A-43F7-9E39-DA2976B7AF33}" = lport=10243 | protocol=6 | dir=in | app=system | "{69BA8240-37A5-409C-A8FC-D15636941FF0}" = rport=2869 | protocol=6 | dir=out | app=system | "{6F51B33E-CB4B-430F-B9EB-6FA448FD4E96}" = lport=2869 | protocol=6 | dir=in | app=system | "{7431B60E-51D9-41F2-BB96-FEA6A19B6864}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{86B442E7-7E56-4AD0-9359-93778F0A8023}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8D346B9A-52D4-4FF4-81F4-494A405DCBB9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8FB4E754-283E-41BA-A3EB-08EB87765BBB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9DBA9F01-FF01-44D8-8134-A391FB0F8859}" = lport=2869 | protocol=6 | dir=in | app=system | "{B2C4DA7B-1496-43C2-B0AC-D02ED95AB9A9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{BCFB88FE-0D83-4B7E-A7F1-095095449EDB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C986D55E-25B7-43FC-ADA8-034102E07560}" = rport=445 | protocol=6 | dir=out | app=system | "{C9A18B86-627D-4AD5-ADA2-1C712EFF76D2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CBEE8ECF-9B53-465D-9030-A8B4229D2798}" = 
rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D20B3E03-B757-4B2D-9647-9D2AADA1510D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D438BCFB-F069-4A38-814E-81CBF5F9E1DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D4E9B5BD-309F-44C7-AD7D-B2B4D6B32390}" = rport=10243 | protocol=6 | dir=out | app=system | "{D9B1A191-012F-4324-BAE7-DD8C8258563E}" = rport=138 | protocol=17 | dir=out | app=system | "{DD198503-94F1-42F4-B921-F7CED34BFB65}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DDF53D03-EEE3-456B-89F9-19C4FF70CDB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E6F0051D-7374-4AA1-8229-F43B5F5D679D}" = rport=139 | protocol=6 | dir=out | app=system | "{E99DBCA5-ECA5-4EEB-A6CA-C30C30E017B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EEE8C7BD-F54C-4A4B-A7BB-2444EE74EAA9}" = lport=137 | protocol=17 | dir=in | app=system | "{FF7DE32F-662A-4A16-B1D5-848D4A58FEE4}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06112A9B-2475-42F1-A2D4-9E610DB4EAE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0FE69A35-1B7A-4C3C-B1E3-A10DFF02E7C2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{110AC6D8-51BF-4F15-8EE1-475CA17A6DC7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{119A6C49-2BD7-41DD-8BFB-9FDBB2C00D8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1844CB75-155B-4414-B7BA-AB4E8A50E9F7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{20CC3745-C917-412A-94A7-6EB824A86335}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{23BC4BF6-2067-4B47-ABEA-97C587BCD7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{25C4E63D-69E5-414E-9EA7-E0C4092BE0F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2638E9D7-20A7-4F54-AB93-0E9CAA3C115E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{2BE60FA9-1CAA-4821-AC18-F3A5F206CDF9}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{2EC4AEFF-8912-43E7-8BC5-55E9A880F4DE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{3653439A-78D9-4C9E-8B31-0010C668A098}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{37523953-6B36-445A-9768-FFE111B9473C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{47CA01E4-127D-43A3-A0C4-51410F7F43F3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{51F12277-1E5F-40A6-8EC3-7DB3E2425441}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{58AC2ED5-57DA-45D9-A888-36D75B8A785B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{59976F9E-88CA-4457-A74A-EFDF77B1C232}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6045AF28-457D-4E49-81DC-4D58D74CC861}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{65055C93-5B99-4C33-9C75-335E3B504D6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6975FA2A-20AC-46E8-BE9C-B6740093D02F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6CBDBE18-C37E-470F-B97D-320240EE87C8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6E545AA2-34BC-4A07-B48B-CF2B5CE216AE}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{6EADFB01-C32E-474F-8961-316AD9BBF021}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6F2A0FE8-59F0-40C4-9EA1-BD96F3D8F1FB}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt2 demo\dirt2.exe | "{730FE475-DB22-4366-A750-D69103D9AD49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{771B617B-8018-42AC-B099-52AB58A3F8D4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7B2DF726-F165-408F-9BCA-96540DE97116}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{7B70C91C-F025-44A4-8153-12C0D63B4DC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7E0418FB-A462-4029-A51C-08F2DB8DDE9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{80C8F030-5BFA-40B4-A5A6-D24218A863B6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{8124AB82-7718-4EEC-9243-35D2486FC194}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{8447185E-67DD-40BD-8CCF-7A78FB56D7BF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{862C80A8-A3AC-4226-B780-A679F1D5BB1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8804B520-D335-4131-A280-DE48A0A80446}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8C126CD3-5C6B-4A56-9DDD-08012994CBBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{91268623-B8AB-4BB0-86DE-675F579833A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{ACAF3AE1-D441-47D3-9845-331CDEF8EBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{BD4B30A9-47C3-495F-B93A-A92B1BDE70F4}" = protocol=6 | dir=in | 
app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{BDEB0282-1256-4E7C-A05C-345CC3931EE4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{BF9BAA0A-54D3-42E1-8FA7-DAAB3EABE9DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{D4038B78-39CA-498F-9612-047714BFBCA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DD416591-73E9-4B6B-9E92-1E3F67B088BF}" = protocol=6 | dir=out | app=system | "{E5B3E8B4-0DC8-45E4-B1FE-02BBBD4C5454}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{E9D5D485-70CC-46E5-9D8E-C70B7ADF0994}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E9F59091-6BD9-4B0D-8616-FEE57361C00B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{EFB76D34-A47A-46E0-8A28-E9FA9C420CD3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{F5515ABB-E7BA-4B6F-A3A1-F38B43DE6118}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{F83BB89D-981B-48B9-B91A-D71FF21608ED}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt2 demo\dirt2.exe | "{FFF5D650-BF8A-4AB9-97D2-33C59F598294}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "TCP Query User{E22DDE37-2860-43C8-AC74-B893BF5B5E8A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{C324012A-73A9-479F-B310-518EAD43DAFB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.21022 "{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2012 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation "{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center 
Graphics Full New "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian "{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management "{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "{45DB5C4F-5C49-42EA-A4F9-8B26F449B2AC}_is1" = GTR 2 Demo "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{51F026FA-5146-4232-A8BA-1364740BD053}" = Video Web Camera "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call 
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish "{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese "{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light "{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{8153b40b-91d5-4a0f-8271-130d3ce83957}" = Nero 9 Essentials "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 
4.1.2 "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch "{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0 "{C7D27207-0F86-4B6F-859C-21800A2C592E}" = Grand Prix 4 "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game "{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy "{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static "{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai 
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "AMP WinOFF" = AMP WinOFF 5.0.1 "aTube Catcher" = aTube Catcher "Biet-O-Matic v2.14.6" = Biet-O-Matic v2.14.6 "Blue Byte Game Channel" = Blue Byte Game Channel "Catan Online Welt" = Catan Online Welt "conduitEngine" = Conduit Engine "DivX Setup" = DivX-Setup "DVD Shrink_is1" = DVD Shrink 3.2 "Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.52 "ElsterFormular 11.5.1.4843" = ElsterFormular "ESET Online Scanner" = ESET Online Scanner v3 "facetheme" = Facetheme "FLV Player" = FLV 
Player 2.0 (build 25) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free CD to MP3 Converter" = Free CD to MP3 Converter "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "GameSpy Arcade" = GameSpy Arcade "GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "GM(S) - Toolbar" = GM(S) - Toolbar "Identity Card" = Identity Card "InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenAL" = OpenAL "Orbit_is1" = Orbit Downloader "P2P_MAX_DE_Atube Toolbar" = P2P_MAX_DE_Atube Toolbar "Packard Bell Game Console" = Packard Bell Game Console "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Welcome Center" = Welcome Center "S4Uninst" = Die Siedler IV "Software Informer_is1" = Software Informer 1.0 BETA "TeamViewer 7" = TeamViewer 7 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.4 "Wajam" = Wajam "WildTangent packardbell Master Uninstall" = Packard Bell Games "WinLiveSuite_Wave3" = Windows Live Essentials "WT078791" = Bejeweled 2 Deluxe "WT078806" = Insaniquarium Deluxe "WT078833" = Zuma Deluxe "WT078960" = Blasterball 3 "WT078964" = Bob the Builder Can-Do-Zoo "WT079020" = Faerie Solitaire "WT079024" = FATE - The Traitor Soul "WT079064" = Jewel Quest "WT079068" = Jewel Quest Solitaire 3 "WT079108" = Penguins! 
"WT079116" = Polar Bowler "WT079120" = Polar Golfer "WT079124" = Polar Pool "WT079177" = Virtual Villagers - A New Home "WT079184" = Yahtzee "WT079363" = Build-a-lot 2 "WT079366" = Chicken Invaders 3 - Revenge of the Yolk "WT079395" = Escape Rosecliff Island "WT079397" = Mahjongg Artifacts "WT079421" = Virtual Families ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "William Hill Poker" = William Hill Poker "winnerpoker" = Winner Poker ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.06.2012 02:41:05 | Computer Name = PB-PackardBell | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 06.06.2012 18:31:11 | Computer Name = PB-PackardBell | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 06.06.2012 18:31:38 | Computer Name = PB-PackardBell | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 06.06.2012 18:31:40 | Computer Name = PB-PackardBell | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 06.06.2012 18:32:09 | Computer Name = PB-PackardBell | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 06.06.2012 18:32:47 | Computer Name = PB-PackardBell | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.06.2012 18:32:47 | Computer Name = PB-PackardBell | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.06.2012 18:32:47 | Computer Name = PB-PackardBell | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.06.2012 18:32:47 | Computer Name = PB-PackardBell | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.06.2012 03:12:21 | Computer Name = PB-PackardBell | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\PB\Downloads\SoftonicDownloader_fuer_super.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ System Events ] Error - 11.07.2012 08:55:36 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.07.2012 08:59:04 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.07.2012 08:59:04 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.07.2012 08:59:04 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.07.2012 09:00:36 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.07.2012 09:00:36 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.07.2012 09:00:36 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.07.2012 09:01:06 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001 
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 11.07.2012 09:01:06 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 11.07.2012 09:01:06 | Computer Name = PB-PackardBell | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

< End of report >

Many thanks in advance for your help.