![]() |
|
Plagegeister aller Art und deren Bekämpfung: GVU BSI Virus hat mein Computer gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() GVU BSI Virus hat mein Computer gesperrt Guten Abend, mich und mein Win7 HP Pavilion hat es auch erwischt und ich bitte demütigst um Hilfe. Werde den Laptop nach Weihnachten formatieren wenn ich einmal die Zeit finde, bis dahin bin ich aber dringend auf ihn angewiesen. Ich habe Malwarebytes Anti-Malware bereits runtergeladen, die Datenbank aktualisiert und einen vollständigen Scan durchgeführt (als administrator). Log siehe unten. Auch OTL habe ich auf meinen Desktop geladen und den Systemscan durchgeführt (als administrator). Logs siehe unten. Noch eine kurze Zwischenfrage, darf ich den Computer jetzt schon wieder ohne abgesicherten Modus starten oder geht die Sache dann wieder von vorn los? Ich hoffe Ihr könnt mir helfen, vorab schonmal ein riesen Dankeschön, ihr seid Lebensretter. mbam-log-2012-12-02 (20-27-37) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.02.03 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Peter W :: PETERW-HP [Administrator] 02.12.2012 20:27:37 mbam-log-2012-12-02 (20-27-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 442867 Laufzeit: 1 Stunde(n), 3 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\PETERW~1\LOCALS~1\Temp\msahqix.bat -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\PETERW~1\LOCALS~1\Temp\msahqix.bat -> Löschen bei Neustart. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent.GNI) -> Bösartig: (C:\Users\PETERW~1\LOCALS~1\Temp\msahqix.bat) Gut: () -> Löschen bei Neustart. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 15 C:\Users\Peter W\Local Settings\Temp\msahqix.bat (Trojan.Agent.GNI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-18\$2983f3776829a77dcd7bf16570ade05c\n (Trojan.0Access) -> Löschen bei Neustart. C:\$Recycle.Bin\S-1-5-18\$2983f3776829a77dcd7bf16570ade05c\U\00000001.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-18\$2983f3776829a77dcd7bf16570ade05c\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-18\$2983f3776829a77dcd7bf16570ade05c\U\800000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ms22C1BA21.dat (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter W\AppData\Local\Temp\0.02748062240947624.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter W\AppData\Local\Temp\22c131fe.exe (Trojan.GarbRan.DI2) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter W\AppData\Local\Temp\22c1608d.exe (Trojan.Agent.GNI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter W\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter W\AppData\Roaming\Gunu\vycyo.exe (Trojan.Agent.GNI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter W\AppData\Roaming\Uzcio\zilo.exe (Trojan.Agent.GNI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter W\AppData\Roaming\Xuip\pyzaa.exe (Trojan.Agent.GNI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter W\Local Settings\Temp\msqxmif.bat (Trojan.Agent.GNI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Peter W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) OTL.txt Code:
ATTFilter OTL logfile created on: 02.12.2012 21:56:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter W\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,95 Gb Total Physical Memory | 3,19 Gb Available Physical Memory | 80,84% Memory free 7,90 Gb Paging File | 7,19 Gb Available in Paging File | 91,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,41 Gb Total Space | 161,27 Gb Free Space | 35,81% Space Free | Partition Type: NTFS Drive D: | 15,05 Gb Total Space | 1,64 Gb Free Space | 10,90% Space Free | Partition Type: NTFS Drive E: | 391,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PETERW-HP | User Name: Peter W | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Peter W\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (xsherlock) -- C:\Windows\SysWOW64\xsherlock.xem (Wellbia.com Co., Ltd.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (UnlockerDriver5) -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{E3CAB253-91D2-4E19-8299-9D00624396ED}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{E3CAB253-91D2-4E19-8299-9D00624396ED}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\..\SearchScopes\{E3CAB253-91D2-4E19-8299-9D00624396ED}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Peter W\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Peter W\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Peter W\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Peter W\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\npBFHUpdater.dll CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Peter W\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\BFHUpdater.exe CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Peter W\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: Website Logon = C:\Users\Peter W\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\ CHR - Extension: YouTube = C:\Users\Peter W\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Peter W\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Battlefield Heroes = C:\Users\Peter W\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\ CHR - Extension: Google Mail = C:\Users\Peter W\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O3 - HKU\S-1-5-21-3314025382-219878056-2949989134-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3314025382-219878056-2949989134-1000..\Run: [Akamai NetSession Interface] C:\Users\Peter W\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-3314025382-219878056-2949989134-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Peter W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Peter W\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) F3:64bit: - HKU\S-1-5-21-3314025382-219878056-2949989134-1000 WinNT: Load - (C:\Users\PETERW~1\LOCALS~1\Temp\msahqix.bat) - File not found F3 - HKU\S-1-5-21-3314025382-219878056-2949989134-1000 WinNT: Load - (C:\Users\PETERW~1\LOCALS~1\Temp\msahqix.bat) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{090A1A58-D99A-4D43-B98A-E2792735962E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{05985a86-a4cb-11e1-8369-001e101f3315}\Shell - "" = AutoRun O33 - MountPoints2\{05985a86-a4cb-11e1-8369-001e101f3315}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{764f094a-d324-11e1-a02e-101f7413e3da}\Shell - "" = AutoRun O33 - MountPoints2\{764f094a-d324-11e1-a02e-101f7413e3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{764f098f-d324-11e1-a02e-101f7413e3da}\Shell - "" = AutoRun O33 - MountPoints2\{764f098f-d324-11e1-a02e-101f7413e3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{764f0a98-d324-11e1-a02e-101f7413e3da}\Shell - "" = AutoRun O33 - MountPoints2\{764f0a98-d324-11e1-a02e-101f7413e3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{764f0ace-d324-11e1-a02e-101f7413e3da}\Shell - "" = AutoRun O33 - MountPoints2\{764f0ace-d324-11e1-a02e-101f7413e3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{76d9c135-605e-11e1-bfb9-101f7413e3da}\Shell - "" = AutoRun O33 - MountPoints2\{76d9c135-605e-11e1-bfb9-101f7413e3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{76d9c146-605e-11e1-bfb9-101f7413e3da}\Shell - "" = AutoRun O33 - MountPoints2\{76d9c146-605e-11e1-bfb9-101f7413e3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{76d9c15b-605e-11e1-bfb9-101f7413e3da}\Shell - "" = AutoRun O33 - MountPoints2\{76d9c15b-605e-11e1-bfb9-101f7413e3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{76d9d9e2-605e-11e1-bfb9-101f7413e3da}\Shell - "" = AutoRun O33 - MountPoints2\{76d9d9e2-605e-11e1-bfb9-101f7413e3da}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.02 20:28:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Peter W\Desktop\OTL.exe [2012.12.02 20:26:16 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Malwarebytes [2012.12.02 20:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.02 20:26:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.02 20:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.02 20:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.02 20:05:06 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.02 19:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.02 19:48:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.02 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.12.02 19:47:53 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Fuez [2012.12.02 19:47:42 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Xykiar [2012.12.02 19:47:42 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Xuip [2012.12.02 19:46:55 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Uzcio [2012.12.02 19:46:55 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Ohkam [2012.12.02 19:46:55 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Ihxor [2012.12.02 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Osexe [2012.12.02 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Nawin [2012.12.02 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Gunu [2012.12.02 02:45:51 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2012.12.02 02:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012.12.01 21:10:50 | 000,000,000 | ---D | C] -- C:\Users\Peter W\Local Settings [2012.12.01 14:32:39 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{2F6E199C-8E8A-498F-9C5D-0F4436D0721F} [2012.12.01 00:52:11 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{3267501B-D04F-4940-9BF9-FB5D06796EFD} [2012.11.30 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{376D61A2-3A6C-41E5-BBC5-236703C51728} [2012.11.29 19:32:56 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{22B86DC8-056C-4A76-8671-22C8B954D577} [2012.11.28 22:38:10 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{EC33D96B-D341-4DF2-8082-BDB0DFCA8A1B} [2012.11.28 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{C0BAE8CB-E67C-4FA6-8044-8F667963272B} [2012.11.27 14:13:28 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{55F0FFF9-9B96-4E4F-B660-513742973D0C} [2012.11.26 18:38:06 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{09976F33-8782-4837-B8AF-6BE9B75C9968} [2012.11.25 18:05:15 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{FF621F60-FF41-44D0-9274-2F3328858FB6} [2012.11.23 18:17:46 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{9B455E3F-626D-4E01-8BB8-F22CCBDEF2C5} [2012.11.22 11:42:20 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{C05BEC2F-872F-4153-9442-60517F83B57D} [2012.11.21 14:25:06 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{42D9BC9F-BB1E-425A-82A4-8EAE25FBEDF5} [2012.11.21 02:24:45 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{9AAE39AF-4992-45D4-A19C-8F7C50A58057} [2012.11.20 12:47:09 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{43117D3B-2771-41CE-8A28-D09E5336483E} [2012.11.19 14:11:51 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{BF8CACA4-C617-436B-8E92-A1CAA3C98EB9} [2012.11.18 23:50:27 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{35977F04-7419-497E-A3DA-EB0D9E347CD1} [2012.11.18 11:50:14 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{3D4C0E62-0C75-4663-B7ED-9FF3C362E155} [2012.11.17 16:34:28 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{D3360D78-0381-45D3-9C01-AEC0B409D30A} [2012.11.16 20:08:02 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{DFD1FCC5-E452-4867-A5DA-7FE433853086} [2012.11.15 18:50:35 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{495DE674-C37D-4165-9236-99571C0671E1} [2012.11.15 03:10:57 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{0A49C721-E8DF-448A-9EC5-03B975DAB5D8} [2012.11.14 15:10:46 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{6BB01FD3-7A44-4D0A-9BC4-AF312A7AD774} [2012.11.14 01:30:43 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{F9CACC5B-9FAD-40B2-8E8D-5F30CC59378D} [2012.11.13 13:30:32 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{E72FCCB4-6A32-4D56-AD14-E03ADD65B0F7} [2012.11.12 16:18:08 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{2591CC5E-89EC-476B-BF8F-29D8EBE35A01} [2012.11.09 19:34:58 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{BA56051E-584A-4033-92AF-E3FFEE0A9F86} [2012.11.08 17:23:09 | 000,666,720 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem [2012.11.08 16:28:04 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{C2BF526D-038E-4C41-A59B-150795BFFCB4} [2012.11.05 23:54:22 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Roaming\Avira [2012.11.05 23:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.05 23:48:49 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.05 23:48:49 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.05 23:48:49 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.05 23:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.05 23:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.05 13:41:56 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{266953B9-F2E2-48E2-B641-CCFA43E28C3B} [2012.11.05 00:43:03 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{AC2AB963-DF75-416E-9EC8-73D5D9C2D8EE} [2012.11.03 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\Peter W\AppData\Local\{E4DB2DE1-B66A-40D3-B917-F8067F4E7156} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.02 21:53:43 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.02 21:53:43 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.02 21:53:43 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.02 21:53:43 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.02 21:53:43 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.02 21:47:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.02 21:47:28 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys [2012.12.02 20:28:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter W\Desktop\OTL.exe [2012.12.02 20:14:12 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.02 20:14:12 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.02 20:07:51 | 095,023,320 | ---- | M] () -- C:\ProgramData\12AB1C22sm.pad [2012.12.02 20:06:18 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.02 19:48:15 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.12.02 19:45:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPeter W.job [2012.12.02 19:41:49 | 000,175,616 | -HS- | M] () -- C:\ProgramData\81iTFg3v.exe [2012.12.02 19:39:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.02 19:30:13 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.02 16:12:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\3GuU1vx3.dat [2012.12.02 16:11:48 | 000,000,001 | ---- | M] () -- C:\ProgramData\81iTFg3v.exe_.b [2012.12.02 16:11:48 | 000,000,001 | ---- | M] () -- C:\ProgramData\81iTFg3v.exe.b [2012.12.01 00:10:08 | 001,245,444 | ---- | M] () -- C:\Users\Peter W\Desktop\WBB.Thbunlegsydrp-HD3D.rar [2012.12.01 00:08:27 | 000,200,349 | ---- | M] () -- C:\Users\Peter W\Desktop\wbb.thbunlegsydrp_hd3d_2b11c.rar [2012.11.30 16:26:51 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.28 21:12:26 | 000,152,009 | ---- | M] () -- C:\Users\Peter W\Desktop\essen.jpg [2012.11.24 16:04:41 | 000,131,990 | ---- | M] () -- C:\Users\Peter W\Desktop\happy.gif [2012.11.21 00:56:30 | 000,094,695 | ---- | M] () -- C:\Users\Peter W\Desktop\wtf.png [2012.11.13 15:34:36 | 000,054,927 | ---- | M] () -- C:\Users\Peter W\Desktop\kuendigungsschreiben-download.pdf [2012.11.13 13:27:32 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.13 13:27:32 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.08 17:23:09 | 000,666,720 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem [2012.11.05 23:49:01 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.05 23:43:58 | 104,044,560 | ---- | M] () -- C:\Users\Peter W\Desktop\avira_free_antivirus_de.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.02 19:48:15 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.12.02 19:42:21 | 095,023,320 | ---- | C] () -- C:\ProgramData\12AB1C22sm.pad [2012.12.02 16:12:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\3GuU1vx3.dat [2012.12.02 16:11:48 | 000,175,616 | -HS- | C] () -- C:\ProgramData\81iTFg3v.exe [2012.12.02 16:11:48 | 000,000,001 | ---- | C] () -- C:\ProgramData\81iTFg3v.exe_.b [2012.12.02 16:11:48 | 000,000,001 | ---- | C] () -- C:\ProgramData\81iTFg3v.exe.b [2012.12.01 00:09:58 | 001,245,444 | ---- | C] () -- C:\Users\Peter W\Desktop\WBB.Thbunlegsydrp-HD3D.rar [2012.12.01 00:08:10 | 000,200,349 | ---- | C] () -- C:\Users\Peter W\Desktop\wbb.thbunlegsydrp_hd3d_2b11c.rar [2012.11.28 21:12:26 | 000,152,009 | ---- | C] () -- C:\Users\Peter W\Desktop\essen.jpg [2012.11.24 16:04:38 | 000,131,990 | ---- | C] () -- C:\Users\Peter W\Desktop\happy.gif [2012.11.21 00:56:30 | 000,094,695 | ---- | C] () -- C:\Users\Peter W\Desktop\wtf.png [2012.11.13 15:34:36 | 000,054,927 | ---- | C] () -- C:\Users\Peter W\Desktop\kuendigungsschreiben-download.pdf [2012.11.05 23:49:01 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.05 23:42:45 | 104,044,560 | ---- | C] () -- C:\Users\Peter W\Desktop\avira_free_antivirus_de.exe [2012.01.24 03:43:22 | 000,010,240 | ---- | C] () -- C:\Users\Peter W\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.13 02:53:19 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.13 02:53:17 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.11.06 20:44:05 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.05 17:05:05 | 000,007,607 | ---- | C] () -- C:\Users\Peter W\AppData\Local\Resmon.ResmonCfg [2011.08.27 09:01:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.27 08:54:02 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.08.27 08:53:03 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.27 08:53:03 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.27 08:53:03 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.08.27 08:53:02 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.27 08:50:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.06.21 12:14:44 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011.02.22 16:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3314025382-219878056-2949989134-1000\$2983f3776829a77dcd7bf16570ade05c\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\$Recycle.Bin\S-1-5-18\$2983f3776829a77dcd7bf16570ade05c\n. "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 02.12.2012 21:56:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peter W\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,95 Gb Total Physical Memory | 3,19 Gb Available Physical Memory | 80,84% Memory free 7,90 Gb Paging File | 7,19 Gb Available in Paging File | 91,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,41 Gb Total Space | 161,27 Gb Free Space | 35,81% Space Free | Partition Type: NTFS Drive D: | 15,05 Gb Total Space | 1,64 Gb Free Space | 10,90% Space Free | Partition Type: NTFS Drive E: | 391,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PETERW-HP | User Name: Peter W | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-3314025382-219878056-2949989134-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{76785052-9E6A-4403-B06A-929B6BF9D742}" = HP 3D DriveGuard "{7A33B9B4-0C40-53B4-CCA0-D469A83DE142}" = ccc-utility64 "{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}" = ATI Catalyst Install Manager "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "GPL Ghostscript 9.04" = GPL Ghostscript "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00CCB6C5-DD11-F614-5955-FACAFA2C80F7}" = CCC Help Turkish "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0372849C-A9C1-A7BF-7180-9DB15334D778}" = Catalyst Control Center "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BB68729-BD8E-76E0-A357-9685790987F1}" = Catalyst Control Center Profiles Mobile "{115BAB0B-AB04-E481-76F5-82D90C3049A6}" = CCC Help Danish "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19F2D706-4834-2DD2-D12E-C10E75A57C81}" = CCC Help French "{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update "{1CB8B169-534E-6F89-CDF9-0B812FBACF9A}" = CCC Help Hungarian "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup "{228CDD95-4069-8D94-7584-82BDE9A68B63}" = CCC Help Japanese "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29 "{28CA24E3-D323-3900-9519-4FFE9984EC53}" = CCC Help Polish "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}" = HP Documentation "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{49799BCA-8E53-63CD-D2D4-BAC6AB782DEE}" = Catalyst Control Center Graphics Previews Common "{49FD3CE5-1839-7EEA-D7D3-17A23826B859}" = CCC Help Greek "{49FE4B97-0E1E-F9EC-2123-4DFA80064694}" = Catalyst Control Center Localization All "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{55B013D5-14E7-C0B1-CE42-9C567AAEE3C9}" = CCC Help Dutch "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5E2C8F1A-AC86-FBCD-B3E4-EBF9E747BC4D}" = CCC Help Korean "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{81EDA038-2320-B7E2-4D78-E12C2D55CE75}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89A6150B-0CE8-AA44-F24B-FD8DCC058ACC}" = CCC Help Norwegian "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B619E05-80B3-20A1-5C1C-FDCDEC394344}" = CCC Help Chinese Standard "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFC331E-07A7-B196-7EA7-549A0CFE07CB}" = CCC Help Swedish "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007 "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7F248B5-B784-E149-124F-ABE878BC725F}" = CCC Help Portuguese "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADBCAA59-C242-4B31-FF51-354159417118}" = CCC Help Thai "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{AEF3AB2B-0B52-E47E-CA66-55E11D41EA04}" = CCC Help Finnish "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011 "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM) "{C118B9C6-BCE5-629D-F9CF-F61BCAD285D9}" = CCC Help Spanish "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C51EF224-3786-5566-3B32-251BDEC5C8E7}" = Catalyst Control Center InstallProxy "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8DFDC1C-88EC-482D-9279-1E909C1552F1}" = Aeria Ignite "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant "{CE4551E8-8D09-4126-A39B-B7DF82C5EB83}" = HP Software Framework "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D814C606-0199-4A7D-D517-79DC2B3EB7F0}" = CCC Help Russian "{DA05AADA-6407-9E45-7843-45F7393F7A15}" = CCC Help Italian "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DPMW29C8-BE29-1C28-488D-01E96A0ECD54}_is1" = Call OF Duty Modern Warfare 2 version 1.0 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6041920-6D08-2466-E672-A15B040B5004}" = CCC Help English "{E8EE10CF-31E4-CA63-BD94-B0157BBB2444}" = CCC Help Chinese Traditional "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch "{EDD14387-FE5E-48A3-6B2B-E61DD88FC69E}" = CCC Help Czech "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Aeria Ignite" = Aeria Ignite "Aeria Ignite 1.10.1721" = Aeria Ignite "Alliance of Valiant Arms" = Alliance of Valiant Arms "Avira AntiVir Desktop" = Avira Free Antivirus "Cell C" = Cell C "EasyBits Magic Desktop" = Magic Desktop "FreePDF_XP" = FreePDF (Remove only) "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OpenAL" = OpenAL "Opera 12.11.1661" = Opera 12.11 "PokerStars" = PokerStars "PunkBusterSvc" = PunkBuster Services "ULTIMATER" = Microsoft Office Ultimate 2007 "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 2.0.0 "WildTangent hp Master Uninstall" = HP Games "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WT087330" = Bounce Symphony "WT087361" = FATE "WT087393" = Mah Jong Medley "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087490" = Jewel Quest Solitaire "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087536" = Diner Dash 2 Restaurant Rescue "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089359" = Cake Mania "WT089362" = Agatha Christie - Peril at End House "WT089453" = Bejeweled 2 Deluxe "WT089454" = Chuzzle Deluxe "WT089455" = Zuma Deluxe "WT089458" = Plants vs. Zombies - Game of the Year "WT089460" = Mystery P.I. - The London Caper "WT089484" = Namco All-Stars PAC-MAN "WT089492" = Crazy Chicken Kart 2 "WT089493" = Fishdom "WT089497" = Big Rig Europe ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3314025382-219878056-2949989134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "f205d4bcba86bb7a" = Rebtel "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.11.2012 17:44:39 | Computer Name = PeterW-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 05.11.2012 17:44:39 | Computer Name = PeterW-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 05.11.2012 17:44:39 | Computer Name = PeterW-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 05.11.2012 17:44:39 | Computer Name = PeterW-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 05.11.2012 17:44:39 | Computer Name = PeterW-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 05.11.2012 17:44:39 | Computer Name = PeterW-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 05.11.2012 17:44:39 | Computer Name = PeterW-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 05.11.2012 17:44:39 | Computer Name = PeterW-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 05.11.2012 17:44:39 | Computer Name = PeterW-HP | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 05.11.2012 17:46:34 | Computer Name = PeterW-HP | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 15.10.2012 11:24:49 | Computer Name = PeterW-HP | Source = HPSF.exe | ID = 4000 Description = Error - 15.10.2012 11:25:39 | Computer Name = PeterW-HP | Source = HPSF.exe | ID = 4000 Description = Error - 15.10.2012 11:26:29 | Computer Name = PeterW-HP | Source = HPSF.exe | ID = 4000 Description = Error - 15.10.2012 11:27:19 | Computer Name = PeterW-HP | Source = HPSF.exe | ID = 4000 Description = Error - 22.10.2012 12:11:00 | Computer Name = PeterW-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 60 TargetSite: Void UpdateAndDetect() Error - 26.10.2012 19:01:03 | Computer Name = PeterW-HP | Source = HPSF.exe | ID = 4000 Description = Error - 12.11.2012 11:38:51 | Computer Name = PeterW-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 60 TargetSite: Void UpdateAndDetect() Error - 19.11.2012 11:53:11 | Computer Name = PeterW-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088hpsa_service.exe bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: TargetSite: Void UpdateAndDetect() Error - 26.11.2012 12:31:56 | Computer Name = PeterW-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 4043 Ram Utilization: 50 TargetSite: Void UpdateAndDetect() Error - 27.11.2012 13:16:38 | Computer Name = PeterW-HP | Source = HPSF.exe | ID = 4000 Description = [ HP Connection Manager Events ] Error - 25.11.2012 19:42:46 | Computer Name = PeterW-HP | Source = hpCMSrv | ID = 5 Description = 2012/11/26 01:42:46.918|0000128C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 25.11.2012 19:42:47 | Computer Name = PeterW-HP | Source = hpCMSrv | ID = 5 Description = 2012/11/26 01:42:47.947|0000128C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 29.11.2012 21:37:13 | Computer Name = PeterW-HP | Source = hpMobile | ID = 5 Description = 2012.11.30 03:37:13.228|0000265C|Error |[HP.Mobile]NamedPipe::SendStringToServer{bool(string)}|Timeout sending to server Error - 29.11.2012 21:37:13 | Computer Name = PeterW-HP | Source = hpMobile | ID = 5 Description = 2012.11.30 03:37:13.228|00003BF8|Error |[HP.Mobile]NamedPipe::SendStringToServer{bool(string)}|Timeout sending to server Error - 29.11.2012 21:37:13 | Computer Name = PeterW-HP | Source = hpMobile | ID = 5 Description = 2012.11.30 03:37:13.228|000014F4|Error |[HP.Mobile]NamedPipe::SendStringToServer{bool(string)}|Timeout sending to server Error - 29.11.2012 21:37:13 | Computer Name = PeterW-HP | Source = hpMobile | ID = 5 Description = 2012.11.30 03:37:13.228|0000057C|Error |[HP.Mobile]NamedPipe::SendStringToServer{bool(string)}|Timeout sending to server Error - 29.11.2012 21:37:13 | Computer Name = PeterW-HP | Source = hpMobile | ID = 5 Description = 2012.11.30 03:37:13.848|0000057C|Error |[HP.Mobile]NamedPipe::SendStringToServer{bool(string)}|Timeout sending to server Error - 29.11.2012 21:37:13 | Computer Name = PeterW-HP | Source = hpMobile | ID = 5 Description = 2012.11.30 03:37:13.848|0000265C|Error |[HP.Mobile]NamedPipe::SendStringToServer{bool(string)}|Timeout sending to server Error - 29.11.2012 21:37:13 | Computer Name = PeterW-HP | Source = hpMobile | ID = 5 Description = 2012.11.30 03:37:13.848|00003BF8|Error |[HP.Mobile]NamedPipe::SendStringToServer{bool(string)}|Timeout sending to server Error - 02.12.2012 13:50:02 | Computer Name = PeterW-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/02 19:50:02.986|00001820|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ OSession Events ] Error - 17.01.2012 11:45:13 | Computer Name = PeterW-HP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 78384 seconds with 840 seconds of active time. This session ended with a crash. [ System Events ] Error - 04.11.2012 07:32:59 | Computer Name = PeterW-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NIS erreicht. Error - 05.11.2012 17:47:32 | Computer Name = PeterW-HP | Source = DCOM | ID = 10016 Description = Error - 06.11.2012 06:02:48 | Computer Name = PeterW-HP | Source = DCOM | ID = 10010 Description = Error - 06.11.2012 10:04:22 | Computer Name = PeterW-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpqwmiex erreicht. Error - 07.11.2012 08:16:19 | Computer Name = PeterW-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 07.11.2012 08:16:24 | Computer Name = PeterW-HP | Source = DCOM | ID = 10010 Description = Error - 07.11.2012 13:26:27 | Computer Name = PeterW-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpqwmiex erreicht. Error - 08.11.2012 06:46:38 | Computer Name = PeterW-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpqwmiex erreicht. Error - 10.11.2012 12:54:02 | Computer Name = PeterW-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpqwmiex erreicht. Error - 14.11.2012 13:02:00 | Computer Name = PeterW-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > Geändert von PeteyPablo (02.12.2012 um 21:52 Uhr) |
Themen zu GVU BSI Virus hat mein Computer gesperrt |
akamai, antivirus, avira, computer, desktop, diner dash, dringend, failed, firefox, flash player, helper, homepage, igdpmd64.sys, index, install.exe, launch, logfile, microsoft office starter 2010, office 2007, ohne abgesicherten modus, plug-in, pum.userwload, realtek, recycle.bin, registry, rootkit.0access, runctf.lnk, security, software, starten, trojan.0access, trojan.agent.gni, trojan.fakems, trojan.garbran.di2, trojan.ransom, trojan.ransom.sugen, usb 3.0, wildtangent games |