
Pests of all kinds and how to combat them: Google link and other problems!

19.12.2012, 01:45   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK, please create new logs with GMER and aswMBR.
__________________
Please always post log files in CODE tags

20.12.2012, 18:45   #17
Aviator1985
 
Here are the logs, although aswMBR again stopped at the same point.

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-20 18:05:32
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160811AS rev.3.AAE
Running: 2qp3jtr4.exe; Driver: C:\DOKUME~1\Amadeo\LOKALE~1\Temp\uxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT      sptd.sys                                                                                                            ZwCreateKey [0xB9ECFA50]
SSDT      sptd.sys                                                                                                            ZwEnumerateKey [0xB9F03FFE]
SSDT      sptd.sys                                                                                                            ZwEnumerateValueKey [0xB9F0438C]
SSDT      sptd.sys                                                                                                            ZwOpenKey [0xB9ECFA30]
SSDT      sptd.sys                                                                                                            ZwQueryKey [0xB9F04464]
SSDT      sptd.sys                                                                                                            ZwQueryValueKey [0xB9F042E4]
SSDT      sptd.sys                                                                                                            ZwSetValueKey [0xB9F044F6]

INT 0x62  ?                                                                                                                   8B1D1CC8
INT 0x63  ?                                                                                                                   8B06FF00
INT 0xA4  ?                                                                                                                   8B06FF00
INT 0xB4  ?                                                                                                                   8B1D1CC8
INT 0xB4  ?                                                                                                                   8B1D1CC8
INT 0xB4  ?                                                                                                                   8B06FF00
INT 0xB4  ?                                                                                                                   8B1D1CC8

Code      BA7BAC9C                                                                                                            ZwRequestPort
Code      BA7BAD3C                                                                                                            ZwRequestWaitReplyPort
Code      BA7BABFC                                                                                                            ZwTraceEvent
Code      BA7BAC9B                                                                                                            NtRequestPort
Code      BA7BAD3B                                                                                                            NtRequestWaitReplyPort
Code      BA7BABFB                                                                                                            NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text     ntkrnlpa.exe!NtTraceEvent                                                                                           805351AE 5 Bytes  JMP BA7BAC00 
PAGE      ntkrnlpa.exe!NtRequestPort                                                                                          805A2A52 5 Bytes  JMP BA7BACA0 
PAGE      ntkrnlpa.exe!NtRequestWaitReplyPort                                                                                 805A2D7E 5 Bytes  JMP BA7BAD40 
PAGE      sptd.sys                                                                                                            B9EF3000 1 Byte  [74]
PAGE      sptd.sys                                                                                                            B9EF3004 5 Bytes  [40, 33, EF, B9, A3]
PAGE      sptd.sys                                                                                                            B9EF300C 5 Bytes  [50, 34, EF, B9, 98]
PAGE      sptd.sys                                                                                                            B9EF3014 5 Bytes  [B8, 33, EF, B9, 59] {MOV EAX, 0x59b9ef33}
PAGE      sptd.sys                                                                                                            B9EF301C 5 Bytes  [78, 32, EF, B9, 61]
PAGE      ...                                                                                                                 
.sptd2    C:\WINDOWS\system32\drivers\sptd.sys                                                                                entry point in ".sptd2" section [0xB9F8CD38]
?         C:\WINDOWS\system32\drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text     C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                            section is writeable [0xB5880000, 0x29C9F0, 0xE8000020]
.text     USBPORT.SYS!DllUnload                                                                                               B58378AC 5 Bytes  JMP 8B06F410 
.text     win32k.sys!EngAcquireSemaphore + 20F0                                                                               BF8082F4 5 Bytes  JMP BA7BA480 
.text     win32k.sys!EngFreeUserMem + 5BD7                                                                                    BF80EE80 5 Bytes  JMP BA7BA3E0 
.text     win32k.sys!EngSetLastError + 79AA                                                                                   BF8240DD 5 Bytes  JMP BA7BA5C0 
.text     win32k.sys!FONTOBJ_pxoGetXform + C2CF                                                                               BF85176B 5 Bytes  JMP BA7BAA20 
.text     win32k.sys!XLATEOBJ_iXlate + 2EDD                                                                                   BF85DC60 5 Bytes  JMP BA7BA520 
.text     win32k.sys!EngCreatePalette + 8A                                                                                    BF85F602 5 Bytes  JMP BA7BA8E0 
.text     win32k.sys!EngCopyBits + 1409                                                                                       BF899E45 5 Bytes  JMP BA7BA700 
.text     win32k.sys!EngCopyBits + 4DF9                                                                                       BF89D835 5 Bytes  JMP BA7BA660 
.text     win32k.sys!EngEraseSurface + A977                                                                                   BF8C1CCC 5 Bytes  JMP BA7BA7A0 
.text     win32k.sys!EngDeleteSemaphore + 3B30                                                                                BF8EBD73 2 Bytes  JMP BA7BA980 
.text     win32k.sys!EngDeleteSemaphore + 3B33                                                                                BF8EBD76 2 Bytes  [EC, FA] {IN AL, DX ; CLI }
.text     win32k.sys!EngCreateClip + 1A40                                                                                     BF914401 5 Bytes  JMP BA7BAAC0 
.text     win32k.sys!EngCreateClip + 1FD0                                                                                     BF914991 5 Bytes  JMP BA7BAB60 
.text     win32k.sys!EngCreateClip + 2616                                                                                     BF914FD7 5 Bytes  JMP BA7BA840 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG]                                                     [B9E96574] sptd.sys
IAT       \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR]                                                      [B9E960C0] sptd.sys
IAT       \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                     [B9E96FE0] sptd.sys
IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B9E960C0] sptd.sys
IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B9E96362] sptd.sys
IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [B9E962A4] sptd.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [B9E971BC] sptd.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [B9E96FE0] sptd.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              8B1D01F8
Device    \FileSystem\Udfs \UdfsCdRom                                                                                         8AEDE430
Device    \FileSystem\Udfs \UdfsDisk                                                                                          8AEDE430
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    8AEBC430
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    8AEBC430
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    8AEBC430
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                    8AEBC430
Device    \Driver\usbehci \Device\USBPDO-4                                                                                    8AEBD430
Device    \Driver\NetBT \Device\NetBT_Tcpip_{66F64D73-0F8A-4367-86D2-17398744B2EC}                                            8A8F51F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        8B068430
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                         [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                         [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17                                                                        [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom1                                                                                        8B068430
Device    \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                            8AEE2430
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8A8F51F8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    8A8F51F8
Device    \Driver\dtsoftbus01 \Device\0000006c                                                                                8AEE2430
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    8AEBC430
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    8AEBC430
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   8A8EF1F8
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    8AEBC430
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         8A8EF1F8
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                    8AEBC430
Device    \Driver\usbehci \Device\USBFDO-4                                                                                    8AEBD430
Device    \FileSystem\Cdfs \Cdfs                                                                                              8A42D430

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x49 0x91 0xFB 0x3A ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     F:\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xD1 0xDC 0x45 0x4C ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x29 0x0F 0x5D 0xC3 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x9D 0x1D 0xC6 0xEA ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     F:\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xD1 0xDC 0x45 0x4C ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xFD 0xD1 0x34 0x1E ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x29 0xA2 0x05 0x49 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     F:\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xD1 0xDC 0x45 0x4C ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x10 0x6A 0x07 0x6D ...
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xBA 0xDB 0x69 0x54 ...
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     F:\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xD1 0xDC 0x45 0x4C ...
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x02 0x7B 0x6D 0xBE ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x29 0xA2 0x05 0x49 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 F:\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xD1 0xDC 0x45 0x4C ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x10 0x6A 0x07 0x6D ...

---- Disk sectors - GMER 1.0.15 ----

Disk      \Device\Harddisk1\DR1                                                                                               PE file @ sector 312576730

---- EOF - GMER 1.0.15 ----
         
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-20 18:06:07
-----------------------------
18:06:07.328    OS Version: Windows 5.1.2600 Service Pack 3
18:06:07.328    Number of processors: 2 586 0xF06
18:06:07.328    ComputerName: JULIA  UserName: 
18:06:08.171    Initialize success
18:09:46.390    AVAST engine defs: 12122000
18:09:53.171    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
18:09:53.171    Disk 0 Vendor: MAXTOR_STM3160215A 3.AAD Size: 152627MB BusType: 3
18:09:53.171    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
18:09:53.171    Disk 1 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 3
18:09:53.250    Disk 1 MBR read successfully
18:09:53.250    Disk 1 MBR scan
18:09:53.328    Disk 1 Windows XP default MBR code
18:09:53.328    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        25250 MB offset 63
18:09:53.328    Disk 1 Partition - 00     0F Extended LBA            127366 MB offset 51729296
18:09:53.406    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS        71861 MB offset 51729359
18:09:53.406    Disk 1 Partition - 00     05     Extended             55497 MB offset 198916826
18:09:53.484    Disk 1 Partition 3 00     07    HPFS/NTFS NTFS        55497 MB offset 198916889
18:09:53.546    Disk 1 scanning sectors +312576705
18:09:53.671    Disk 1 PE file @ sector 312576730 !
18:09:53.859    Disk 1 scanning C:\WINDOWS\system32\drivers
18:10:52.546    Service scanning
18:11:16.968    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:11:24.906    Modules scanning
18:12:48.875    Disk 1 trace - called modules:
18:12:48.937    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys 
18:12:48.937    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b181ab8]
18:12:48.953    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8b1d9498]
18:12:48.953    5 ACPI.sys[b9e53620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8b182d98]
18:12:49.578    AVAST engine scan C:\WINDOWS
18:13:38.359    AVAST engine scan C:\WINDOWS\system32
18:18:16.812    File: C:\WINDOWS\system32\dvdpexnt.dll  **INFECTED** Win32:Kryptik-KDH [Trj]
18:34:09.625    AVAST engine scan C:\WINDOWS\system32\drivers
18:35:29.421    AVAST engine scan C:\Dokumente und Einstellungen\Amadeo
18:37:46.375    Disk 1 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Amadeo\Desktop\MBR.dat"
18:37:46.390    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Amadeo\Desktop\aswMBR.txt"
         


20.12.2012, 20:29   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please create a new OTL log
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

22.12.2012, 18:10   #19
Aviator1985
 
OTL.txt

OTL EXTRAS Logfile:
Code:
OTL logfile created on: 22.12.2012 16:17:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,45% Memory free
4,84 Gb Paging File | 4,60 Gb Available in Paging File | 95,03% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,66 Gb Total Space | 2,77 Gb Free Space | 11,25% Space Free | Partition Type: NTFS
Drive D: | 70,18 Gb Total Space | 10,80 Gb Free Space | 15,39% Space Free | Partition Type: NTFS
Drive E: | 54,20 Gb Total Space | 4,09 Gb Free Space | 7,54% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 8,31 Gb Free Space | 8,51% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 5,23 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
Drive H: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JULIA | User Name: Amadeo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
PRC - D:\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - D:\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
 
 
========== Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SbieSvc) -- D:\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Mobile Partner. RunOuc) -- D:\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (Steam Client Service) -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe (Valve Corporation)
SRV - (HWDeviceService.exe) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe ()
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)
SRV - (pgsql-8.3) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (cpuz132) --  File not found
DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aseahhag) --  File not found
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SbieDrv) -- D:\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (cmuda3) -- C:\WINDOWS\system32\drivers\cmudax3.sys (C-Media Inc)
DRV - (chdrvr02) -- C:\WINDOWS\system32\drivers\chdrvr02.sys (CH Products)
DRV - (chdrvr03) -- C:\WINDOWS\system32\drivers\chdrvr03.sys (CH Products)
DRV - (chdrvr01) -- C:\WINDOWS\system32\drivers\chdrvr01.sys (CH Products)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (cmpci) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tuwien.ac.at
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tuwien.ac.at
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes\{109E0DC0-2C4B-4518-9D61-9D2BC2074C2D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3AA340A9-EE19-468B-88A2-68FE912C11AC&apn_sauid=B5A87D64-4A1C-4202-82F4-3BDFFF5D8E8F
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01035
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 10:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.12.19 01:47:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A396240B-27B6-4007-9588-064E96278BAD}: C:\WINDOWS\system32\01022
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01035
 
[2010.08.22 10:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Extensions
[2012.10.29 10:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions
[2012.10.29 10:19:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.10.29 10:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\nostmp
[2012.10.29 10:19:33 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.04.07 16:22:10 | 000,002,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\askcom.xml
[2012.04.05 12:29:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-1.xml
[2011.09.08 15:41:20 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-10.xml
[2011.09.29 11:04:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-11.xml
[2011.11.10 17:27:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-12.xml
[2011.12.16 14:35:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-13.xml
[2012.01.06 11:49:29 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-14.xml
[2012.02.19 11:15:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-15.xml
[2012.03.21 19:09:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-16.xml
[2012.03.30 11:00:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-17.xml
[2010.12.15 12:25:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-2.xml
[2011.03.02 18:18:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-3.xml
[2011.03.05 23:57:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-4.xml
[2011.03.23 10:13:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-5.xml
[2011.05.01 00:57:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-6.xml
[2011.06.22 09:44:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-7.xml
[2011.08.18 13:04:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-8.xml
[2011.08.31 15:02:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-9.xml
[2012.03.19 19:09:28 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.gif
[2012.03.19 19:09:28 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.xml
[2012.10.29 10:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.19 01:30:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6764C5ED-CEE4-42ae-8F31-23F02A3A661F} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [ProcessGovernor] D:\Process Lasso\processgovernor.exe (Bitsum Technologies)
O4 - HKLM..\Run: [ProcessLassoManagementConsole] D:\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [DAEMON Tools Lite] F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [DriverMax] G:\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [DriverMax_RESTART] G:\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [ICQ] F:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [SandboxieControl] D:\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [Steam] G:\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Amadeo\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = D:\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Dokumente und Einstellungen\Amadeo\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Dokumente und Einstellungen\Amadeo\Desktop\PartyPoker.lnk ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282521036125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66F64D73-0F8A-4367-86D2-17398744B2EC}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.22 10:37:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.09.12 19:11:41 | 000,000,233 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.20 18:58:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\PKR
[2012.12.19 16:21:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.12.19 15:52:40 | 000,000,000 | ---D | C] -- C:\Programme\C-Media Oxygen HD Audio Device
[2012.12.19 01:47:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.12.19 01:47:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.12.19 01:47:03 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.12.19 01:47:03 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.12.19 01:46:41 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.12.19 01:46:41 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.12.19 01:46:41 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.12.19 01:26:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.12.19 00:35:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PostgreSQL 8.3
[2012.12.19 00:34:44 | 000,000,000 | ---D | C] -- C:\Programme\PostgreSQL
[2012.12.18 23:59:38 | 005,012,571 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\ComboFix.exe
[2012.12.17 12:05:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Startmenü\Programme\GeoGebra 4.2
[2012.12.14 11:05:39 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\aswMBR.exe
[2012.12.12 14:41:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012.12.11 21:06:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Amadeo\Recent
[2012.12.11 20:50:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.12.03 22:15:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Party
[2012.12.01 18:39:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012.12.01 18:39:18 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.12.01 18:39:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.22 15:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.12.22 15:37:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.22 13:08:29 | 000,190,976 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.22 11:38:52 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2012.12.22 11:09:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.22 11:07:16 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.22 11:06:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.21 20:48:37 | 003,524,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.20 18:37:56 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\MBR.dat
[2012.12.19 22:48:02 | 000,000,464 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenTTD.lnk
[2012.12.19 15:59:35 | 000,000,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\PokerTracker 4.lnk
[2012.12.19 01:46:08 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.12.19 01:46:00 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.12.19 01:46:00 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.12.19 01:46:00 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.12.19 01:46:00 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.12.19 01:45:59 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.12.19 01:45:58 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.12.19 01:30:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.12.18 23:59:53 | 005,012,571 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\ComboFix.exe
[2012.12.17 12:47:36 | 000,069,100 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\matheuebung2.pdf
[2012.12.17 12:05:58 | 000,001,890 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\GeoGebra 4.2.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.14 11:09:27 | 000,012,866 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\pokerstrategie.sxw
[2012.12.14 11:06:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\aswMBR.exe
[2012.12.14 11:03:25 | 000,302,592 | ---- | M] () -- C:\2qp3jtr4.exe
[2012.12.13 22:41:08 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.12.13 17:14:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.12 14:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012.12.11 21:06:25 | 000,001,910 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_210619.reg
[2012.12.11 20:56:24 | 000,551,550 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_205602.reg
[2012.12.09 19:37:53 | 000,528,654 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.12.09 19:37:53 | 000,503,532 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.12.09 19:37:53 | 000,106,748 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.12.09 19:37:53 | 000,089,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.03 13:10:32 | 000,001,468 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012.12.03 12:55:00 | 000,004,934 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
[2012.12.01 18:39:19 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.11.24 13:46:17 | 000,000,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121206-092502.backup
[2012.11.24 13:46:16 | 000,000,344 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121124-134617.backup
[2012.11.22 22:40:38 | 000,000,193 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121124-134616.backup
[2012.11.22 22:40:12 | 000,005,110 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\IDK
[2012.11.22 21:39:51 | 000,000,531 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HoldemManager2.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.19 15:53:12 | 000,002,377 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfg
[2012.12.19 15:53:08 | 000,001,948 | ---- | C] () -- C:\WINDOWS\cmudaxp.ini
[2012.12.18 14:25:47 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\MBR.dat
[2012.12.17 12:47:36 | 000,069,100 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\matheuebung2.pdf
[2012.12.17 12:05:58 | 000,001,890 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\GeoGebra 4.2.lnk
[2012.12.14 11:09:24 | 000,012,866 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\pokerstrategie.sxw
[2012.12.14 11:03:24 | 000,302,592 | ---- | C] () -- C:\2qp3jtr4.exe
[2012.12.13 17:14:13 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.12.11 21:06:22 | 000,001,910 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_210619.reg
[2012.12.11 20:56:07 | 000,551,550 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_205602.reg
[2012.12.03 12:55:00 | 000,004,934 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
[2012.12.01 18:39:19 | 000,001,870 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.11.22 21:42:30 | 000,005,110 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\IDK
[2012.11.16 11:56:18 | 000,141,608 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.29 11:22:44 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.bin
[2012.05.03 13:27:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.04.21 16:27:21 | 000,001,468 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012.04.09 10:25:48 | 000,175,104 | ---- | C] () -- C:\WINDOWS\MM_Bahn_V3_Uninstall.exe
[2012.04.02 12:11:36 | 000,000,613 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2012.03.21 19:22:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.03.21 19:22:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.03.21 19:22:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.03.21 19:22:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.03.21 19:22:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.04 10:39:48 | 000,004,140 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\oinwddee.jeg
[2012.01.07 14:15:22 | 003,379,470 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-57989841-963894560-1606980848-1003-0.dat
[2012.01.07 14:15:22 | 000,221,466 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.12.18 16:32:13 | 000,005,078 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf
[2011.11.26 22:04:54 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011.11.26 22:04:54 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011.11.26 22:04:54 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011.11.26 22:04:54 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011.11.26 22:04:54 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011.11.12 12:09:23 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.11.08 21:49:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\fs9configurator.ini
[2011.09.28 15:03:13 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.04.11 18:38:27 | 000,000,185 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\FSDreamTeam_Honolulu.reg
[2011.03.18 11:33:06 | 000,000,180 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\FSDreamTeam_ZurichX.reg
[2011.03.18 00:42:15 | 000,086,776 | ---- | C] () -- C:\WINDOWS\System32\CMCalBlk.dll
[2011.03.17 15:58:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2011.03.17 15:56:36 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2011.03.17 15:56:15 | 000,001,480 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2011.03.17 15:56:13 | 000,002,532 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2011.03.15 23:01:21 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.03.14 13:02:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.03.14 12:04:57 | 000,000,220 | ---- | C] () -- C:\WINDOWS\AISmooth.INI
[2011.03.14 02:21:41 | 000,000,199 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\QualityWings_Ultimate 757 Collection.reg
[2011.02.24 12:36:41 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Adobe Targa Format CS5 Prefs
[2010.08.23 02:16:48 | 000,190,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010.08.22 10:54:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.12.20 23:14:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


Extras.txt

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.12.2012 16:17:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,45% Memory free
4,84 Gb Paging File | 4,60 Gb Available in Paging File | 95,03% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,66 Gb Total Space | 2,77 Gb Free Space | 11,25% Space Free | Partition Type: NTFS
Drive D: | 70,18 Gb Total Space | 10,80 Gb Free Space | 15,39% Space Free | Partition Type: NTFS
Drive E: | 54,20 Gb Total Space | 4,09 Gb Free Space | 7,54% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 8,31 Gb Free Space | 8,51% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 5,23 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
Drive H: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JULIA | User Name: Amadeo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5432:TCP" = 5432:TCP:*:Enabled:postgres
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"F:\ICQ7.5\ICQ.exe" = F:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\BitTorrent\bittorrent.exe" = D:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Applications\eMule\emule.exe" = E:\Applications\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"F:\Empire Earth\Empire Earth.exe" = F:\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- ()
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"G:\Steam\Steam.exe" = G:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"G:\Jedi Academy\GameData\jamp.exe" = G:\Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc)
"G:\Steam\SteamApps\common\cities in motion\Cities In Motion.exe" = G:\Steam\SteamApps\common\cities in motion\Cities In Motion.exe:*:Enabled:Cities in Motion -- ()
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"F:\ICQ7.5\ICQ.exe" = F:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"F:\Flight Simulator X\fsx.exe" = F:\Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator® -- (Microsoft Corp.)
"F:\Flight Simulator X\Flight One Software\Ultimate Traffic 2\UT2Services.exe" = F:\Flight Simulator X\Flight One Software\Ultimate Traffic 2\UT2Services.exe:*:Enabled:UT2Runtime -- (Flag Mountain Software)
"C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"E:\Games\FIFA Manager 13\Manager13.exe" = E:\Games\FIFA Manager 13\Manager13.exe:*:Enabled:FUSSBALL MANAGER 13 -- (Electronic Arts Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\PacificPoker\bin\poker.exe" = D:\PacificPoker\bin\poker.exe:*:Enabled:poker -- (random)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo RC4 build 8
"{0C5A665C-EB82-237B-4703-88CACDE22C0C}" = Catalyst Control Center Graphics Previews Common
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{0ED98038-0885-F902-C419-669ADE471A46}" = ATI Stream SDK v2 Developer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13A74C4A-1AA2-1BAC-99C0-876663ACB9CE}" = ccc-utility
"{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}" = EditVoicepack
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{219F5D37-632B-4EC2-96F4-6AE1B8C39284}" = XLNation User Interface Mod
"{22183FFB-C8A7-4740-847A-DD2FAE27B4F3}" = Microsoft Flight Simulator X SP2 SDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3B095ED6-8631-4E2A-9F75-3EAD0AA37850}" = ATC Voicepack SDK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46559469-7C15-49F4-BB76-21480BE1BEF4}" = Real Environment Xtreme FS2004
"{493687F8-8D57-47C4-87B6-D46D7C5203BF}" = EditVoicepack X
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}" = Orbiter 2010-P1
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55F78BA4-3D29-4F66-8D89-36E45C3750B6}" = Active Sky Evolution
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724D34D5-CC50-49ED-B5A4-587F67EF2B44}" = Overland - World Airlines for FS2004 (Airbus)
"{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D8EB14A-50BF-493F-A6D6-30656E04937C}" = XPax
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8F161264-A992-623B-5746-5AD0EF1EA516}" = ATI Catalyst Install Manager
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9273AF57-4CE9-48D9-B9D7-6F8B503B1D93}" = Overland - World Airlines for FSX (Boeing)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C2B76C-DD0E-FC4F-A5D4-C9F7970FB1CD}" = ccc-core-static
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEA944B7-D9C2-4560-92AE-64BD1D755A37}" = FS Recorder 2.01  for FS2004
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BA82F3D7-40E0-CB34-B682-ACC63E7E73B6}" = CCC Help English
"{BC63C33D-2EA7-4991-8C2E-D9B8A48DD58B}" = PokerStrategy.com Elephant
"{BD7CA7F2-FF0A-46C8-8428-38D5BE805C1A}" = Overland - World Airlines for FS2004 (Boeing)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB71DCD9-6D02-4FB4-A81F-27415DA07007}" = Overland - World Airlines for FSX (Airbus)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB74294F-B8FC-4387-BEBF-275E36C6076C}" = FS Recorder 2.1  for FSX
"{ED654F5D-5DC9-46EA-9D10-621231527F98}" = FS9 Configurator
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F200693E-3746-4CAF-B38B-AD760AC08555}" = ProTrain - Romatisches Rheintal
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"888poker" = 888poker
"Accu-Feel" = Accu-Feel
"ADE9xSetup_is1" = Airport Design Editor 9x Version 1.50.18.197
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AeroDesigns A340  - 313 House Livery" = AeroDesigns A340  - 313 House Livery
"Airport Simulator" = Airport Simulator
"Audacity_is1" = Audacity 2.0
"BAHN384r3a_is1" = BAHN 3.84r3a
"BitTorrent" = BitTorrent
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CHControlManager_is1" = CH Control Manager Software
"Cities XL 2011" = Cities XL 2011
"C-Media Oxygen HD Sound" = C-Media Oxygen HD Audio Device
"C-Media PCI Sound" = C-Media PCI Audio Device
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CPU-Control_is1" = CPU-Control
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Gilde Gold-Edition" = Die Gilde Gold-Edition
"DMX5_is1" = DriverMax 5
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"eMule" = eMule
"EZdok Camera for Microsoft Flight Simulator X" = EZdok Camera for Microsoft Flight Simulator X
"F1UT2" = Ultimate Traffic 2 - Summer Schedule Update
"F1UT2PP" = Ultimate Traffic 2 Power Pack
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"FS Water Configurator" = FS Water Configurator 3.15
"Google Chrome" = Google Chrome
"HoldemManager2" = Holdem Manager 2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Installation Stellwerk Bremen" = Installation Stellwerk Bremen
"Installation Stellwerk Hamburg-Altona" = Installation Stellwerk Hamburg-Altona
"Installation Stellwerk Hannover" = Installation Stellwerk Hannover
"Installation Stellwerk Kempten" = Installation Stellwerk Kempten
"Installation Stellwerk Neumünster" = Installation Stellwerk Neumünster
"InstallShield_{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"JBChtzDrdnBAHN386rel1_is1" = BAHN 3.86r1
"JBChtzDrdnBAHN386rel2_is1" = BAHN 3.86r2
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MM Eisenbahn-Bildschirmschoner V3" = MM Eisenbahn-Bildschirmschoner V3
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NoLimits Coasters full" = NoLimits Coasters 1.7 (remove only)
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.2.3
"Origin" = Origin
"PartyPoker" = PartyPoker
"PCI Audio Driver" = PCI Audio Driver
"PKR" = PKR
"Poker 770" = Poker 770
"PokerStars" = PokerStars
"PokerTracker4" = PokerTracker 4 (remove only)
"ProcessLasso" = Process Lasso
"Real Color KLAX" = Real Color KLAX
"Sandboxie" = Sandboxie 3.68 (32-bit)
"Shockwave" = Shockwave
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"SS CFM56-7B 700_800" = SS CFM56-7B 700_800
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"Steam App 73010" = Cities in Motion
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TrafficGiant-Gold Edition" = TrafficGiant-Gold Edition
"tsimsbgrx9" = São Paulo - Guarulhos / SBGR FS9
"TSS Airbus CFM56 5B FS2004" = TSS Airbus CFM56 5B FS2004
"TSS Airbus CFM56 5B FSX" = TSS Airbus CFM56 5B FSX
"TSS Boeing 767 GE Sound" = TSS Boeing 767 GE Sound
"TSS Boeing 767 PW Sound" = TSS Boeing 767 PW Sound
"TSS Boeing 767 RR" = TSS Boeing 767 RR
"TSS Fokker 100 RR-Tay" = TSS Fokker 100 RR-Tay
"TSS MD11 GE fs2004" = TSS MD11 GE fs2004
"UK2000 Heathrow Xtreme" = Remove UK2000 Heathrow Xtreme files
"Vehicle Simulator_is1" = Vehicle Simulator
"Virtual Sailor_is1" = Virtual Sailor 7
"VLC media player" = VLC media player 2.0.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"80b77bf0c209b804" = Emulator Starter
"GeoGebra 4.2" = GeoGebra 4.2
"GeoGebraPrim" = GeoGebraPrim
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2012 20:40:31 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:41 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:47 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:52 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:56 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:41:00 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:41:07 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:06 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:13 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 20.12.2012 17:22:45 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pokertracker4.exe, Version 4.5.9.0, fehlgeschlagenes
 Modul pokertracker4.exe, Version 4.5.9.0, Fehleradresse 0x00280073.
 
[ Application Events ]
Error - 18.12.2012 20:40:31 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:41 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:47 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:52 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:56 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:41:00 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:41:07 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:06 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:13 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 20.12.2012 17:22:45 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pokertracker4.exe, Version 4.5.9.0, fehlgeschlagenes
 Modul pokertracker4.exe, Version 4.5.9.0, Fehleradresse 0x00280073.
 
[ System Events ]
Error - 21.12.2012 15:52:07 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 21.12.2012 15:52:07 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 22.12.2012 06:07:10 | Computer Name = JULIA | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 62.178.222.171 für die Netzwerkkarte mit der Netzwerkadresse
 00E07DDE68F5 wurde durch  den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 22.12.2012 06:07:23 | Computer Name = JULIA | Source = aseahhag | ID = 262148
Description = 
 
Error - 22.12.2012 06:07:23 | Computer Name = JULIA | Source = aseahhag | ID = 262148
Description = 
 
Error - 22.12.2012 06:08:41 | Computer Name = JULIA | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Mobile
 Partner. OUC.
 
Error - 22.12.2012 06:08:41 | Computer Name = JULIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 22.12.2012 06:38:47 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 22.12.2012 06:38:49 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 22.12.2012 06:39:00 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "HWDeviceService.exe" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
         
--- --- ---

22.12.2012, 20:24   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).

__________________
Please always post log files in CODE tags

22.12.2012, 23:40   #21
Aviator1985

Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 22/12/2012 um 23:39:29 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Amadeo - JULIA
# Bootmodus : Normal
# Ausgeführt unter : C:\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Ordner Gefunden : C:\Programme\ICQ6Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKU\S-1-5-21-57989841-963894560-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

*************************

AdwCleaner[R1].txt - [1890 octets] - [22/12/2012 23:39:29]

########## EOF - C:\AdwCleaner[R1].txt - [1950 octets] ##########
         

22.12.2012, 23:45   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

23.12.2012, 14:26   #23
Aviator1985

Code:
# AdwCleaner v2.101 - Datei am 22/12/2012 um 23:49:24 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Amadeo - JULIA
# Bootmodus : Normal
# Ausgeführt unter : C:\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Ordner Gelöscht : C:\Programme\ICQ6Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [2019 octets] - [22/12/2012 23:39:29]
AdwCleaner[S1].txt - [1829 octets] - [22/12/2012 23:49:24]

########## EOF - C:\AdwCleaner[S1].txt - [1889 octets] ##########
         
OTL Logfile:
Code:
OTL logfile created on: 23.12.2012 12:55:28 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,62% Memory free
4,84 Gb Paging File | 4,54 Gb Available in Paging File | 93,90% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,66 Gb Total Space | 2,73 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
Drive D: | 70,18 Gb Total Space | 10,80 Gb Free Space | 15,39% Space Free | Partition Type: NTFS
Drive E: | 54,20 Gb Total Space | 4,09 Gb Free Space | 7,54% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 7,44 Gb Free Space | 7,62% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 5,23 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
Drive H: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JULIA | User Name: Amadeo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
PRC - D:\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - D:\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
 
 
========== Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SbieSvc) -- D:\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Mobile Partner. RunOuc) -- D:\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (Steam Client Service) -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe (Valve Corporation)
SRV - (HWDeviceService.exe) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe ()
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)
SRV - (pgsql-8.3) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (cpuz132) --  File not found
DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (awwfn1r3) --  File not found
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SbieDrv) -- D:\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (cmuda3) -- C:\WINDOWS\system32\drivers\cmudax3.sys (C-Media Inc)
DRV - (chdrvr02) -- C:\WINDOWS\system32\drivers\chdrvr02.sys (CH Products)
DRV - (chdrvr03) -- C:\WINDOWS\system32\drivers\chdrvr03.sys (CH Products)
DRV - (chdrvr01) -- C:\WINDOWS\system32\drivers\chdrvr01.sys (CH Products)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (cmpci) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tuwien.ac.at
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tuwien.ac.at
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes\{109E0DC0-2C4B-4518-9D61-9D2BC2074C2D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3AA340A9-EE19-468B-88A2-68FE912C11AC&apn_sauid=B5A87D64-4A1C-4202-82F4-3BDFFF5D8E8F
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1025\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.at
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1025\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tuwien.ac.at
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01035
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 10:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.12.19 01:47:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A396240B-27B6-4007-9588-064E96278BAD}: C:\WINDOWS\system32\01022
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01035
 
[2010.08.22 10:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Extensions
[2012.10.29 10:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions
[2012.10.29 10:19:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.10.29 10:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\nostmp
[2012.10.29 10:19:33 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.04.07 16:22:10 | 000,002,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\askcom.xml
[2012.04.05 12:29:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-1.xml
[2011.09.08 15:41:20 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-10.xml
[2011.09.29 11:04:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-11.xml
[2011.11.10 17:27:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-12.xml
[2011.12.16 14:35:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-13.xml
[2012.01.06 11:49:29 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-14.xml
[2012.02.19 11:15:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-15.xml
[2012.03.21 19:09:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-16.xml
[2012.03.30 11:00:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-17.xml
[2010.12.15 12:25:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-2.xml
[2011.03.02 18:18:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-3.xml
[2011.03.05 23:57:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-4.xml
[2011.03.23 10:13:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-5.xml
[2011.05.01 00:57:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-6.xml
[2011.06.22 09:44:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-7.xml
[2011.08.18 13:04:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-8.xml
[2011.08.31 15:02:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-9.xml
[2012.03.19 19:09:28 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.gif
[2012.03.19 19:09:28 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.xml
[2012.10.29 10:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.19 01:30:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6764C5ED-CEE4-42ae-8F31-23F02A3A661F} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [ProcessGovernor] D:\Process Lasso\processgovernor.exe (Bitsum Technologies)
O4 - HKLM..\Run: [ProcessLassoManagementConsole] D:\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [DAEMON Tools Lite] F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [DriverMax] G:\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [DriverMax_RESTART] G:\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [ICQ] F:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [SandboxieControl] D:\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-57989841-963894560-1606980848-1003..\Run: [Steam] G:\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Amadeo\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = D:\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1025\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-963894560-1606980848-1025\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Dokumente und Einstellungen\Amadeo\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Dokumente und Einstellungen\Amadeo\Desktop\PartyPoker.lnk ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282521036125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66F64D73-0F8A-4367-86D2-17398744B2EC}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.22 10:37:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.09.12 19:11:41 | 000,000,233 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 12:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BAHN 4.00
[2012.12.20 18:58:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\PKR
[2012.12.19 16:21:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.12.19 15:52:40 | 000,000,000 | ---D | C] -- C:\Programme\C-Media Oxygen HD Audio Device
[2012.12.19 01:47:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.12.19 01:47:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.12.19 01:47:03 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.12.19 01:47:03 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.12.19 01:46:41 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.12.19 01:46:41 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.12.19 01:46:41 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.12.19 01:26:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.12.19 00:35:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PostgreSQL 8.3
[2012.12.19 00:34:44 | 000,000,000 | ---D | C] -- C:\Programme\PostgreSQL
[2012.12.18 23:59:38 | 005,012,571 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\ComboFix.exe
[2012.12.17 12:05:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Startmenü\Programme\GeoGebra 4.2
[2012.12.14 11:05:39 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\aswMBR.exe
[2012.12.12 14:41:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012.12.11 21:06:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Amadeo\Recent
[2012.12.11 20:50:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.12.03 22:15:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Party
[2012.12.01 18:39:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012.12.01 18:39:18 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.12.01 18:39:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.23 12:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.12.23 12:37:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.23 11:52:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2012.12.23 11:34:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.23 11:32:43 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.23 11:32:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.22 23:57:01 | 000,190,976 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.22 23:39:07 | 000,547,175 | ---- | M] () -- C:\adwcleaner.exe
[2012.12.21 20:48:37 | 003,524,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.20 18:37:56 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\MBR.dat
[2012.12.19 22:48:02 | 000,000,464 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenTTD.lnk
[2012.12.19 15:59:35 | 000,000,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\PokerTracker 4.lnk
[2012.12.19 01:46:08 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.12.19 01:46:00 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.12.19 01:46:00 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.12.19 01:46:00 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.12.19 01:46:00 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.12.19 01:45:59 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.12.19 01:45:58 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.12.19 01:30:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.12.18 23:59:53 | 005,012,571 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\ComboFix.exe
[2012.12.17 12:47:36 | 000,069,100 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\matheuebung2.pdf
[2012.12.17 12:05:58 | 000,001,890 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\GeoGebra 4.2.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.14 11:09:27 | 000,012,866 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\pokerstrategie.sxw
[2012.12.14 11:06:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\aswMBR.exe
[2012.12.14 11:03:25 | 000,302,592 | ---- | M] () -- C:\2qp3jtr4.exe
[2012.12.13 22:41:08 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.12.13 17:14:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.12 14:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012.12.11 21:06:25 | 000,001,910 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_210619.reg
[2012.12.11 20:56:24 | 000,551,550 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_205602.reg
[2012.12.09 19:37:53 | 000,528,654 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.12.09 19:37:53 | 000,503,532 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.12.09 19:37:53 | 000,106,748 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.12.09 19:37:53 | 000,089,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.03 13:10:32 | 000,001,468 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012.12.03 12:55:00 | 000,004,934 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
[2012.12.01 18:39:19 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.11.24 13:46:17 | 000,000,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121206-092502.backup
[2012.11.24 13:46:16 | 000,000,344 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121124-134617.backup
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.22 23:39:06 | 000,547,175 | ---- | C] () -- C:\adwcleaner.exe
[2012.12.19 15:53:12 | 000,002,377 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfg
[2012.12.19 15:53:08 | 000,001,948 | ---- | C] () -- C:\WINDOWS\cmudaxp.ini
[2012.12.18 14:25:47 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\MBR.dat
[2012.12.17 12:47:36 | 000,069,100 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\matheuebung2.pdf
[2012.12.17 12:05:58 | 000,001,890 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\GeoGebra 4.2.lnk
[2012.12.14 11:09:24 | 000,012,866 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\pokerstrategie.sxw
[2012.12.14 11:03:24 | 000,302,592 | ---- | C] () -- C:\2qp3jtr4.exe
[2012.12.13 17:14:13 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.12.11 21:06:22 | 000,001,910 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_210619.reg
[2012.12.11 20:56:07 | 000,551,550 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_205602.reg
[2012.12.03 12:55:00 | 000,004,934 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
[2012.12.01 18:39:19 | 000,001,870 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.11.22 21:42:30 | 000,005,110 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\IDK
[2012.11.16 11:56:18 | 000,141,608 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.29 11:22:44 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.bin
[2012.05.03 13:27:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.04.21 16:27:21 | 000,001,468 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012.04.09 10:25:48 | 000,175,104 | ---- | C] () -- C:\WINDOWS\MM_Bahn_V3_Uninstall.exe
[2012.04.02 12:11:36 | 000,000,613 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2012.03.21 19:22:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.03.21 19:22:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.03.21 19:22:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.03.21 19:22:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.03.21 19:22:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.04 10:39:48 | 000,004,140 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\oinwddee.jeg
[2012.01.07 14:15:22 | 003,379,470 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-57989841-963894560-1606980848-1003-0.dat
[2012.01.07 14:15:22 | 000,221,466 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.12.18 16:32:13 | 000,005,078 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf
[2011.11.26 22:04:54 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011.11.26 22:04:54 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011.11.26 22:04:54 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011.11.26 22:04:54 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011.11.26 22:04:54 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011.11.12 12:09:23 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.11.08 21:49:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\fs9configurator.ini
[2011.09.28 15:03:13 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.04.11 18:38:27 | 000,000,185 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\FSDreamTeam_Honolulu.reg
[2011.03.18 11:33:06 | 000,000,180 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\FSDreamTeam_ZurichX.reg
[2011.03.18 00:42:15 | 000,086,776 | ---- | C] () -- C:\WINDOWS\System32\CMCalBlk.dll
[2011.03.17 15:58:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2011.03.17 15:56:36 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2011.03.17 15:56:15 | 000,001,480 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2011.03.17 15:56:13 | 000,002,532 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2011.03.15 23:01:21 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.03.14 13:02:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.03.14 12:04:57 | 000,000,220 | ---- | C] () -- C:\WINDOWS\AISmooth.INI
[2011.03.14 02:21:41 | 000,000,199 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\QualityWings_Ultimate 757 Collection.reg
[2011.02.24 12:36:41 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Adobe Targa Format CS5 Prefs
[2010.08.23 02:16:48 | 000,190,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010.08.22 10:54:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.12.20 23:14:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 23.12.2012 12:55:28 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,62% Memory free
4,84 Gb Paging File | 4,54 Gb Available in Paging File | 93,90% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,66 Gb Total Space | 2,73 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
Drive D: | 70,18 Gb Total Space | 10,80 Gb Free Space | 15,39% Space Free | Partition Type: NTFS
Drive E: | 54,20 Gb Total Space | 4,09 Gb Free Space | 7,54% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 7,44 Gb Free Space | 7,62% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 5,23 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
Drive H: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JULIA | User Name: Amadeo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5432:TCP" = 5432:TCP:*:Enabled:postgres
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"F:\ICQ7.5\ICQ.exe" = F:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\BitTorrent\bittorrent.exe" = D:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Applications\eMule\emule.exe" = E:\Applications\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"F:\Empire Earth\Empire Earth.exe" = F:\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- ()
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"G:\Steam\Steam.exe" = G:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"G:\Jedi Academy\GameData\jamp.exe" = G:\Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc)
"G:\Steam\SteamApps\common\cities in motion\Cities In Motion.exe" = G:\Steam\SteamApps\common\cities in motion\Cities In Motion.exe:*:Enabled:Cities in Motion -- ()
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"F:\ICQ7.5\ICQ.exe" = F:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"F:\Flight Simulator X\fsx.exe" = F:\Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator® -- (Microsoft Corp.)
"F:\Flight Simulator X\Flight One Software\Ultimate Traffic 2\UT2Services.exe" = F:\Flight Simulator X\Flight One Software\Ultimate Traffic 2\UT2Services.exe:*:Enabled:UT2Runtime -- (Flag Mountain Software)
"C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"E:\Games\FIFA Manager 13\Manager13.exe" = E:\Games\FIFA Manager 13\Manager13.exe:*:Enabled:FUSSBALL MANAGER 13 -- (Electronic Arts Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\PacificPoker\bin\poker.exe" = D:\PacificPoker\bin\poker.exe:*:Enabled:poker -- (random)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo RC4 build 8
"{0C5A665C-EB82-237B-4703-88CACDE22C0C}" = Catalyst Control Center Graphics Previews Common
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{0ED98038-0885-F902-C419-669ADE471A46}" = ATI Stream SDK v2 Developer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13A74C4A-1AA2-1BAC-99C0-876663ACB9CE}" = ccc-utility
"{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}" = EditVoicepack
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{219F5D37-632B-4EC2-96F4-6AE1B8C39284}" = XLNation User Interface Mod
"{22183FFB-C8A7-4740-847A-DD2FAE27B4F3}" = Microsoft Flight Simulator X SP2 SDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3B095ED6-8631-4E2A-9F75-3EAD0AA37850}" = ATC Voicepack SDK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46559469-7C15-49F4-BB76-21480BE1BEF4}" = Real Environment Xtreme FS2004
"{493687F8-8D57-47C4-87B6-D46D7C5203BF}" = EditVoicepack X
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}" = Orbiter 2010-P1
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55F78BA4-3D29-4F66-8D89-36E45C3750B6}" = Active Sky Evolution
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724D34D5-CC50-49ED-B5A4-587F67EF2B44}" = Overland - World Airlines for FS2004 (Airbus)
"{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D8EB14A-50BF-493F-A6D6-30656E04937C}" = XPax
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8F161264-A992-623B-5746-5AD0EF1EA516}" = ATI Catalyst Install Manager
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9273AF57-4CE9-48D9-B9D7-6F8B503B1D93}" = Overland - World Airlines for FSX (Boeing)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C2B76C-DD0E-FC4F-A5D4-C9F7970FB1CD}" = ccc-core-static
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEA944B7-D9C2-4560-92AE-64BD1D755A37}" = FS Recorder 2.01  for FS2004
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BA82F3D7-40E0-CB34-B682-ACC63E7E73B6}" = CCC Help English
"{BC63C33D-2EA7-4991-8C2E-D9B8A48DD58B}" = PokerStrategy.com Elephant
"{BD7CA7F2-FF0A-46C8-8428-38D5BE805C1A}" = Overland - World Airlines for FS2004 (Boeing)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB71DCD9-6D02-4FB4-A81F-27415DA07007}" = Overland - World Airlines for FSX (Airbus)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB74294F-B8FC-4387-BEBF-275E36C6076C}" = FS Recorder 2.1  for FSX
"{ED654F5D-5DC9-46EA-9D10-621231527F98}" = FS9 Configurator
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F200693E-3746-4CAF-B38B-AD760AC08555}" = ProTrain - Romatisches Rheintal
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"888poker" = 888poker
"Accu-Feel" = Accu-Feel
"ADE9xSetup_is1" = Airport Design Editor 9x Version 1.50.18.197
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AeroDesigns A340  - 313 House Livery" = AeroDesigns A340  - 313 House Livery
"Airport Simulator" = Airport Simulator
"Audacity_is1" = Audacity 2.0
"BAHN384r3a_is1" = BAHN 3.84r3a
"BitTorrent" = BitTorrent
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CHControlManager_is1" = CH Control Manager Software
"Cities XL 2011" = Cities XL 2011
"C-Media Oxygen HD Sound" = C-Media Oxygen HD Audio Device
"C-Media PCI Sound" = C-Media PCI Audio Device
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CPU-Control_is1" = CPU-Control
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Gilde Gold-Edition" = Die Gilde Gold-Edition
"DMX5_is1" = DriverMax 5
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"eMule" = eMule
"EZdok Camera for Microsoft Flight Simulator X" = EZdok Camera for Microsoft Flight Simulator X
"F1UT2" = Ultimate Traffic 2 - Summer Schedule Update
"F1UT2PP" = Ultimate Traffic 2 Power Pack
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"FS Water Configurator" = FS Water Configurator 3.15
"Google Chrome" = Google Chrome
"HoldemManager2" = Holdem Manager 2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Installation Stellwerk Bremen" = Installation Stellwerk Bremen
"Installation Stellwerk Hamburg-Altona" = Installation Stellwerk Hamburg-Altona
"Installation Stellwerk Hannover" = Installation Stellwerk Hannover
"Installation Stellwerk Kempten" = Installation Stellwerk Kempten
"Installation Stellwerk Neumünster" = Installation Stellwerk Neumünster
"InstallShield_{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"JBChtzDrdnBAHN386rel1_is1" = BAHN 3.86r1
"JBChtzDrdnBAHN386rel2_is1" = BAHN 3.86r2
"JBChtzDrdnBAHN400beta1_is1" = BAHN 4.00b1a
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MM Eisenbahn-Bildschirmschoner V3" = MM Eisenbahn-Bildschirmschoner V3
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NoLimits Coasters full" = NoLimits Coasters 1.7 (remove only)
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.2.3
"Origin" = Origin
"PartyPoker" = PartyPoker
"PCI Audio Driver" = PCI Audio Driver
"PKR" = PKR
"Poker 770" = Poker 770
"PokerStars" = PokerStars
"PokerTracker4" = PokerTracker 4 (remove only)
"ProcessLasso" = Process Lasso
"Real Color KLAX" = Real Color KLAX
"Sandboxie" = Sandboxie 3.68 (32-bit)
"Shockwave" = Shockwave
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"SS CFM56-7B 700_800" = SS CFM56-7B 700_800
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"Steam App 73010" = Cities in Motion
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TrafficGiant-Gold Edition" = TrafficGiant-Gold Edition
"tsimsbgrx9" = São Paulo - Guarulhos / SBGR FS9
"TSS Airbus CFM56 5B FS2004" = TSS Airbus CFM56 5B FS2004
"TSS Airbus CFM56 5B FSX" = TSS Airbus CFM56 5B FSX
"TSS Boeing 767 GE Sound" = TSS Boeing 767 GE Sound
"TSS Boeing 767 PW Sound" = TSS Boeing 767 PW Sound
"TSS Boeing 767 RR" = TSS Boeing 767 RR
"TSS Fokker 100 RR-Tay" = TSS Fokker 100 RR-Tay
"TSS MD11 GE fs2004" = TSS MD11 GE fs2004
"UK2000 Heathrow Xtreme" = Remove UK2000 Heathrow Xtreme files
"Vehicle Simulator_is1" = Vehicle Simulator
"Virtual Sailor_is1" = Virtual Sailor 7
"VLC media player" = VLC media player 2.0.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"80b77bf0c209b804" = Emulator Starter
"GeoGebra 4.2" = GeoGebra 4.2
"GeoGebraPrim" = GeoGebraPrim
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2012 20:40:31 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:41 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:47 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:52 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:56 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:41:00 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:41:07 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:06 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:13 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 20.12.2012 17:22:45 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pokertracker4.exe, Version 4.5.9.0, fehlgeschlagenes
 Modul pokertracker4.exe, Version 4.5.9.0, Fehleradresse 0x00280073.
 
[ Application Events ]
Error - 18.12.2012 20:40:31 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:41 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:47 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:52 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:40:56 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:41:00 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 18.12.2012 20:41:07 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:06 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:13 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 20.12.2012 17:22:45 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pokertracker4.exe, Version 4.5.9.0, fehlgeschlagenes
 Modul pokertracker4.exe, Version 4.5.9.0, Fehleradresse 0x00280073.
 
[ System Events ]
Error - 22.12.2012 18:53:58 | Computer Name = JULIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 22.12.2012 18:54:33 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "HWDeviceService.exe" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 22.12.2012 18:54:55 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 23.12.2012 06:32:53 | Computer Name = JULIA | Source = awwfn1r3 | ID = 262148
Description = 
 
Error - 23.12.2012 06:32:53 | Computer Name = JULIA | Source = awwfn1r3 | ID = 262148
Description = 
 
Error - 23.12.2012 06:34:04 | Computer Name = JULIA | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Mobile
 Partner. OUC.
 
Error - 23.12.2012 06:34:04 | Computer Name = JULIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 23.12.2012 06:52:13 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 23.12.2012 06:52:26 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "HWDeviceService.exe" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 23.12.2012 06:52:30 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
         
--- --- ---

Alt 23.12.2012, 19:27   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
DRV - (awwfn1r3) --  File not found
IE - HKU\S-1-5-21-57989841-963894560-1606980848-1003\..\SearchScopes\{109E0DC0-2C4B-4518-9D61-9D2BC2074C2D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3AA340A9-EE19-468B-88A2-68FE912C11AC&apn_sauid=B5A87D64-4A1C-4202-82F4-3BDFFF5D8E8F
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2012.10.29 10:19:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.07 16:22:10 | 000,002,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\askcom.xml
[2012.04.05 12:29:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-1.xml
[2011.09.08 15:41:20 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-10.xml
[2011.09.29 11:04:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-11.xml
[2011.11.10 17:27:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-12.xml
[2011.12.16 14:35:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-13.xml
[2012.01.06 11:49:29 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-14.xml
[2012.02.19 11:15:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-15.xml
[2012.03.21 19:09:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-16.xml
[2012.03.30 11:00:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-17.xml
[2010.12.15 12:25:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-2.xml
[2011.03.02 18:18:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-3.xml
[2011.03.05 23:57:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-4.xml
[2011.03.23 10:13:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-5.xml
[2011.05.01 00:57:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-6.xml
[2011.06.22 09:44:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-7.xml
[2011.08.18 13:04:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-8.xml
[2011.08.31 15:02:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-9.xml
[2012.03.19 19:09:28 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.gif
[2012.03.19 19:09:28 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.xml
:Files
C:\WINDOWS\tasks\RegistryBooster.job
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\oinwddee.jeg
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf
C:\WINDOWS\cnerolf.bin
C:\Dokumente und Einstellungen\Amadeo\Desktop\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Please always post log files in CODE tags

Alt 24.12.2012, 09:33   #25
Aviator1985
 

Code:
All processes killed
========== OTL ==========
Error: No service named awwfn1r3 was found to stop!
Service\Driver key awwfn1r3 not found.
File   File not found not found.
Registry key HKEY_USERS\S-1-5-21-57989841-963894560-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{109E0DC0-2C4B-4518-9D61-9D2BC2074C2D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{109E0DC0-2C4B-4518-9D61-9D2BC2074C2D}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\askcom.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.gif moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.src moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\searchplugins\icqplugin.xml moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\RegistryBooster.job moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\oinwddee.jeg moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf moved successfully.
C:\WINDOWS\cnerolf.bin moved successfully.
C:\Dokumente und Einstellungen\Amadeo\Desktop\MBR.dat moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Administrator.JULIA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Amadeo
->Temp folder emptied: 76811646 bytes
->Temporary Internet Files folder emptied: 83453644 bytes
->Java cache emptied: 99121615 bytes
->FireFox cache emptied: 444403516 bytes
->Flash cache emptied: 1278421 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 264 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 673,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12242012_092222

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 24.12.2012, 16:25   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post the contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
Please always post log files in CODE tags

Alt 30.12.2012, 10:10   #27
Aviator1985
 

Code:
# AdwCleaner v2.104 - Datei am 30/12/2012 um 10:09:19 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Amadeo - JULIA
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Amadeo\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [2019 octets] - [22/12/2012 23:39:29]
AdwCleaner[R2].txt - [1018 octets] - [30/12/2012 10:09:19]
AdwCleaner[S1].txt - [1958 octets] - [22/12/2012 23:49:24]

########## EOF - C:\AdwCleaner[R2].txt - [1138 octets] ##########
         

Alt 30.12.2012, 17:44   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post the contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

Alt 01.01.2013, 14:32   #29
Aviator1985
 

Code:
# AdwCleaner v2.104 - Datei am 01/01/2013 um 14:06:42 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Amadeo - JULIA
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Amadeo\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [2019 octets] - [22/12/2012 23:39:29]
AdwCleaner[R2].txt - [1207 octets] - [30/12/2012 10:09:19]
AdwCleaner[S1].txt - [1958 octets] - [22/12/2012 23:49:24]
AdwCleaner[S2].txt - [1140 octets] - [01/01/2013 14:06:42]

########## EOF - C:\AdwCleaner[S2].txt - [1200 octets] ##########
         
OTL Logfile:
Code:
OTL logfile created on: 01.01.2013 14:16:03 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,62% Memory free
4,84 Gb Paging File | 4,55 Gb Available in Paging File | 94,10% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,66 Gb Total Space | 2,60 Gb Free Space | 10,56% Space Free | Partition Type: NTFS
Drive D: | 70,18 Gb Total Space | 7,78 Gb Free Space | 11,08% Space Free | Partition Type: NTFS
Drive E: | 54,20 Gb Total Space | 4,09 Gb Free Space | 7,54% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 2,80 Gb Free Space | 2,86% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 5,23 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
Drive H: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JULIA | User Name: Amadeo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
PRC - D:\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - D:\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
 
 
========== Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SbieSvc) -- D:\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Mobile Partner. RunOuc) -- D:\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (Steam Client Service) -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe (Valve Corporation)
SRV - (HWDeviceService.exe) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe ()
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)
SRV - (pgsql-8.3) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (cpuz132) --  File not found
DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (awyeqe6i) --  File not found
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SbieDrv) -- D:\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (cmuda3) -- C:\WINDOWS\system32\drivers\cmudax3.sys (C-Media Inc)
DRV - (chdrvr02) -- C:\WINDOWS\system32\drivers\chdrvr02.sys (CH Products)
DRV - (chdrvr03) -- C:\WINDOWS\system32\drivers\chdrvr03.sys (CH Products)
DRV - (chdrvr01) -- C:\WINDOWS\system32\drivers\chdrvr01.sys (CH Products)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (cmpci) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01035
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 10:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.12.19 01:47:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A396240B-27B6-4007-9588-064E96278BAD}: C:\WINDOWS\system32\01022
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01035
 
[2010.08.22 10:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Extensions
[2012.10.29 10:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions
[2012.10.29 10:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\nostmp
[2012.10.29 10:19:33 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Mozilla\Firefox\Profiles\m8jc65yq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.10.29 10:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.24 09:24:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6764C5ED-CEE4-42ae-8F31-23F02A3A661F} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [ProcessGovernor] D:\Process Lasso\processgovernor.exe (Bitsum Technologies)
O4 - HKLM..\Run: [ProcessLassoManagementConsole] D:\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] F:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DriverMax] G:\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART] G:\DriverMax\devices.exe (Innovative Solutions)
O4 - HKCU..\Run: [ICQ] F:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SandboxieControl] D:\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] G:\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Amadeo\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = D:\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - F:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Dokumente und Einstellungen\Amadeo\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Dokumente und Einstellungen\Amadeo\Desktop\PartyPoker.lnk ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282521036125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66F64D73-0F8A-4367-86D2-17398744B2EC}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.22 10:37:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.09.12 19:11:41 | 000,000,233 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 12:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BAHN 4.00
[2012.12.20 18:58:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\PKR
[2012.12.19 16:21:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.12.19 15:52:40 | 000,000,000 | ---D | C] -- C:\Programme\C-Media Oxygen HD Audio Device
[2012.12.19 01:47:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.12.19 01:47:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.12.19 01:47:03 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.12.19 01:47:03 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.12.19 01:46:41 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.12.19 01:46:41 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.12.19 01:46:41 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.12.19 01:26:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.12.19 00:35:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PostgreSQL 8.3
[2012.12.19 00:34:44 | 000,000,000 | ---D | C] -- C:\Programme\PostgreSQL
[2012.12.18 23:59:38 | 005,012,571 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\ComboFix.exe
[2012.12.17 12:05:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Startmenü\Programme\GeoGebra 4.2
[2012.12.14 11:05:39 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\aswMBR.exe
[2012.12.12 14:41:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012.12.11 21:06:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Amadeo\Recent
[2012.12.11 20:50:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.12.03 22:15:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Party
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.01 14:10:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.01 14:09:22 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.01 14:09:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.01 13:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.01 13:37:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.30 17:14:10 | 000,193,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.30 10:08:56 | 000,551,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\adwcleaner.exe
[2012.12.29 18:00:58 | 000,004,931 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
[2012.12.24 09:24:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.12.22 23:39:07 | 000,547,175 | ---- | M] () -- C:\adwcleaner.exe
[2012.12.21 20:48:37 | 003,524,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.19 22:48:02 | 000,000,464 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenTTD.lnk
[2012.12.19 15:59:35 | 000,000,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\PokerTracker 4.lnk
[2012.12.19 01:46:08 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012.12.19 01:46:00 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.12.19 01:46:00 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.12.19 01:46:00 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.12.19 01:46:00 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.12.19 01:45:59 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.12.19 01:45:58 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.12.18 23:59:53 | 005,012,571 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\ComboFix.exe
[2012.12.17 12:47:36 | 000,069,100 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\matheuebung2.pdf
[2012.12.17 12:05:58 | 000,001,890 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\GeoGebra 4.2.lnk
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012.12.14 11:09:27 | 000,012,866 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\pokerstrategie.sxw
[2012.12.14 11:06:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Amadeo\Desktop\aswMBR.exe
[2012.12.14 11:03:25 | 000,302,592 | ---- | M] () -- C:\2qp3jtr4.exe
[2012.12.13 22:41:08 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.12.13 17:14:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.12 14:41:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012.12.11 21:06:25 | 000,001,910 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_210619.reg
[2012.12.11 20:56:24 | 000,551,550 | ---- | M] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_205602.reg
[2012.12.09 19:37:53 | 000,528,654 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.12.09 19:37:53 | 000,503,532 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.12.09 19:37:53 | 000,106,748 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.12.09 19:37:53 | 000,089,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.03 13:10:32 | 000,001,468 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
 
========== Files Created - No Company Name ==========
 
[2012.12.30 10:08:55 | 000,551,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\adwcleaner.exe
[2012.12.29 18:00:58 | 000,004,931 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\flwjycbm.bab
[2012.12.22 23:39:06 | 000,547,175 | ---- | C] () -- C:\adwcleaner.exe
[2012.12.19 15:53:12 | 000,002,377 | ---- | C] () -- C:\WINDOWS\Cmicnfgp.ini.cfg
[2012.12.19 15:53:08 | 000,001,948 | ---- | C] () -- C:\WINDOWS\cmudaxp.ini
[2012.12.17 12:47:36 | 000,069,100 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\matheuebung2.pdf
[2012.12.17 12:05:58 | 000,001,890 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Desktop\GeoGebra 4.2.lnk
[2012.12.14 11:09:24 | 000,012,866 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\pokerstrategie.sxw
[2012.12.14 11:03:24 | 000,302,592 | ---- | C] () -- C:\2qp3jtr4.exe
[2012.12.13 17:14:13 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.12.11 21:06:22 | 000,001,910 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_210619.reg
[2012.12.11 20:56:07 | 000,551,550 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Eigene Dateien\cc_20121211_205602.reg
[2012.11.22 21:42:30 | 000,005,110 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\IDK
[2012.11.16 11:56:18 | 000,141,608 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.29 11:22:44 | 000,000,061 | -HS- | C] () -- C:\WINDOWS\cnerolf.bin
[2012.05.03 13:27:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.04.21 16:27:21 | 000,001,468 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012.04.09 10:25:48 | 000,175,104 | ---- | C] () -- C:\WINDOWS\MM_Bahn_V3_Uninstall.exe
[2012.04.02 12:11:36 | 000,000,613 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2012.03.21 19:22:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.03.21 19:22:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.03.21 19:22:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.03.21 19:22:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.03.21 19:22:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.07 14:15:22 | 003,379,470 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-57989841-963894560-1606980848-1003-0.dat
[2012.01.07 14:15:22 | 000,221,466 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.11.26 22:04:54 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011.11.26 22:04:54 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011.11.26 22:04:54 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011.11.26 22:04:54 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011.11.26 22:04:54 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011.11.12 12:09:23 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.11.08 21:49:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\fs9configurator.ini
[2011.09.28 15:03:13 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.04.11 18:38:27 | 000,000,185 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\FSDreamTeam_Honolulu.reg
[2011.03.18 11:33:06 | 000,000,180 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\FSDreamTeam_ZurichX.reg
[2011.03.18 00:42:15 | 000,086,776 | ---- | C] () -- C:\WINDOWS\System32\CMCalBlk.dll
[2011.03.17 15:58:15 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2011.03.17 15:56:36 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2011.03.17 15:56:15 | 000,001,480 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2011.03.17 15:56:13 | 000,002,532 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2011.03.15 23:01:21 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.03.14 13:02:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.03.14 12:04:57 | 000,000,220 | ---- | C] () -- C:\WINDOWS\AISmooth.INI
[2011.03.14 02:21:41 | 000,000,199 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\QualityWings_Ultimate 757 Collection.reg
[2011.02.24 12:36:41 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Adobe Targa Format CS5 Prefs
[2010.08.23 02:16:48 | 000,193,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Amadeo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010.08.22 10:54:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.12.20 23:14:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         


OTL Logfile:
Code:
OTL Extras logfile created on: 01.01.2013 14:16:03 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,62% Memory free
4,84 Gb Paging File | 4,55 Gb Available in Paging File | 94,10% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,66 Gb Total Space | 2,60 Gb Free Space | 10,56% Space Free | Partition Type: NTFS
Drive D: | 70,18 Gb Total Space | 7,78 Gb Free Space | 11,08% Space Free | Partition Type: NTFS
Drive E: | 54,20 Gb Total Space | 4,09 Gb Free Space | 7,54% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 2,80 Gb Free Space | 2,86% Space Free | Partition Type: NTFS
Drive G: | 51,38 Gb Total Space | 5,23 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
Drive H: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JULIA | User Name: Amadeo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5432:TCP" = 5432:TCP:*:Enabled:postgres
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"F:\ICQ7.5\ICQ.exe" = F:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\BitTorrent\bittorrent.exe" = D:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Applications\eMule\emule.exe" = E:\Applications\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"F:\Empire Earth\Empire Earth.exe" = F:\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- ()
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"G:\Steam\Steam.exe" = G:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"G:\Jedi Academy\GameData\jamp.exe" = G:\Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc)
"G:\Steam\SteamApps\common\cities in motion\Cities In Motion.exe" = G:\Steam\SteamApps\common\cities in motion\Cities In Motion.exe:*:Enabled:Cities in Motion -- ()
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"F:\ICQ7.5\ICQ.exe" = F:\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"F:\Flight Simulator X\fsx.exe" = F:\Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator® -- (Microsoft Corp.)
"F:\Flight Simulator X\Flight One Software\Ultimate Traffic 2\UT2Services.exe" = F:\Flight Simulator X\Flight One Software\Ultimate Traffic 2\UT2Services.exe:*:Enabled:UT2Runtime -- (Flag Mountain Software)
"C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Dokumente und Einstellungen\Amadeo\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"E:\Games\FIFA Manager 13\Manager13.exe" = E:\Games\FIFA Manager 13\Manager13.exe:*:Enabled:FUSSBALL MANAGER 13 -- (Electronic Arts Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\PacificPoker\bin\poker.exe" = D:\PacificPoker\bin\poker.exe:*:Enabled:poker -- (random)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo RC4 build 8
"{0C5A665C-EB82-237B-4703-88CACDE22C0C}" = Catalyst Control Center Graphics Previews Common
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{0ED98038-0885-F902-C419-669ADE471A46}" = ATI Stream SDK v2 Developer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13A74C4A-1AA2-1BAC-99C0-876663ACB9CE}" = ccc-utility
"{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}" = EditVoicepack
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{219F5D37-632B-4EC2-96F4-6AE1B8C39284}" = XLNation User Interface Mod
"{22183FFB-C8A7-4740-847A-DD2FAE27B4F3}" = Microsoft Flight Simulator X SP2 SDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3B095ED6-8631-4E2A-9F75-3EAD0AA37850}" = ATC Voicepack SDK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46559469-7C15-49F4-BB76-21480BE1BEF4}" = Real Environment Xtreme FS2004
"{493687F8-8D57-47C4-87B6-D46D7C5203BF}" = EditVoicepack X
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}" = Orbiter 2010-P1
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55F78BA4-3D29-4F66-8D89-36E45C3750B6}" = Active Sky Evolution
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724D34D5-CC50-49ED-B5A4-587F67EF2B44}" = Overland - World Airlines for FS2004 (Airbus)
"{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D8EB14A-50BF-493F-A6D6-30656E04937C}" = XPax
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8F161264-A992-623B-5746-5AD0EF1EA516}" = ATI Catalyst Install Manager
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9273AF57-4CE9-48D9-B9D7-6F8B503B1D93}" = Overland - World Airlines for FSX (Boeing)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C2B76C-DD0E-FC4F-A5D4-C9F7970FB1CD}" = ccc-core-static
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEA944B7-D9C2-4560-92AE-64BD1D755A37}" = FS Recorder 2.01  for FS2004
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BA82F3D7-40E0-CB34-B682-ACC63E7E73B6}" = CCC Help English
"{BC63C33D-2EA7-4991-8C2E-D9B8A48DD58B}" = PokerStrategy.com Elephant
"{BD7CA7F2-FF0A-46C8-8428-38D5BE805C1A}" = Overland - World Airlines for FS2004 (Boeing)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB71DCD9-6D02-4FB4-A81F-27415DA07007}" = Overland - World Airlines for FSX (Airbus)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB74294F-B8FC-4387-BEBF-275E36C6076C}" = FS Recorder 2.1  for FSX
"{ED654F5D-5DC9-46EA-9D10-621231527F98}" = FS9 Configurator
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F200693E-3746-4CAF-B38B-AD760AC08555}" = ProTrain - Romatisches Rheintal
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"888poker" = 888poker
"Accu-Feel" = Accu-Feel
"ADE9xSetup_is1" = Airport Design Editor 9x Version 1.50.18.197
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AeroDesigns A340  - 313 House Livery" = AeroDesigns A340  - 313 House Livery
"Airport Simulator" = Airport Simulator
"Audacity_is1" = Audacity 2.0
"BAHN384r3a_is1" = BAHN 3.84r3a
"BitTorrent" = BitTorrent
"bwin Poker_is1" = bwin Poker
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CHControlManager_is1" = CH Control Manager Software
"Cities XL 2011" = Cities XL 2011
"C-Media Oxygen HD Sound" = C-Media Oxygen HD Audio Device
"C-Media PCI Sound" = C-Media PCI Audio Device
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CPU-Control_is1" = CPU-Control
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Gilde Gold-Edition" = Die Gilde Gold-Edition
"DMX5_is1" = DriverMax 5
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"eMule" = eMule
"EZdok Camera for Microsoft Flight Simulator X" = EZdok Camera for Microsoft Flight Simulator X
"F1UT2" = Ultimate Traffic 2 - Summer Schedule Update
"F1UT2PP" = Ultimate Traffic 2 Power Pack
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"FS Water Configurator" = FS Water Configurator 3.15
"Google Chrome" = Google Chrome
"HoldemManager2" = Holdem Manager 2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Installation Stellwerk Bremen" = Installation Stellwerk Bremen
"Installation Stellwerk Hamburg-Altona" = Installation Stellwerk Hamburg-Altona
"Installation Stellwerk Hannover" = Installation Stellwerk Hannover
"Installation Stellwerk Kempten" = Installation Stellwerk Kempten
"Installation Stellwerk Neumünster" = Installation Stellwerk Neumünster
"InstallShield_{72FC6A11-7165-49D3-9033-061953EFD732}" = Airlines 2
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"JBChtzDrdnBAHN386rel1_is1" = BAHN 3.86r1
"JBChtzDrdnBAHN386rel2_is1" = BAHN 3.86r2
"JBChtzDrdnBAHN400beta1_is1" = BAHN 4.00b1a
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MM Eisenbahn-Bildschirmschoner V3" = MM Eisenbahn-Bildschirmschoner V3
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NoLimits Coasters full" = NoLimits Coasters 1.7 (remove only)
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.2.3
"Origin" = Origin
"PartyPoker" = PartyPoker
"PCI Audio Driver" = PCI Audio Driver
"PKR" = PKR
"Poker 770" = Poker 770
"PokerStars" = PokerStars
"PokerTracker4" = PokerTracker 4 (remove only)
"ProcessLasso" = Process Lasso
"Real Color KLAX" = Real Color KLAX
"Sandboxie" = Sandboxie 3.68 (32-bit)
"Shockwave" = Shockwave
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"SS CFM56-7B 700_800" = SS CFM56-7B 700_800
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"Steam App 73010" = Cities in Motion
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TrafficGiant-Gold Edition" = TrafficGiant-Gold Edition
"tsimsbgrx9" = São Paulo - Guarulhos / SBGR FS9
"TSS Airbus CFM56 5B FS2004" = TSS Airbus CFM56 5B FS2004
"TSS Airbus CFM56 5B FSX" = TSS Airbus CFM56 5B FSX
"TSS Boeing 767 GE Sound" = TSS Boeing 767 GE Sound
"TSS Boeing 767 PW Sound" = TSS Boeing 767 PW Sound
"TSS Boeing 767 RR" = TSS Boeing 767 RR
"TSS Fokker 100 RR-Tay" = TSS Fokker 100 RR-Tay
"TSS MD11 GE fs2004" = TSS MD11 GE fs2004
"UK2000 Heathrow Xtreme" = Remove UK2000 Heathrow Xtreme files
"Vehicle Simulator_is1" = Vehicle Simulator
"Virtual Sailor_is1" = Virtual Sailor 7
"VLC media player" = VLC media player 2.0.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"80b77bf0c209b804" = Emulator Starter
"GeoGebra 4.2" = GeoGebra 4.2
"GeoGebraPrim" = GeoGebraPrim
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.12.2012 06:52:06 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:13 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 20.12.2012 17:22:45 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pokertracker4.exe, Version 4.5.9.0, fehlgeschlagenes
 Modul pokertracker4.exe, Version 4.5.9.0, Fehleradresse 0x00280073.
 
Error - 23.12.2012 06:51:57 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e.
 
Error - 25.12.2012 04:41:52 | Computer Name = JULIA | Source = PostgreSQL | ID = 0
Description = pg_ctl: could not start service "pgsql-8.3": error code 1063 
 
Error - 27.12.2012 23:54:58 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e.
 
Error - 29.12.2012 04:20:46 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e.
 
Error - 29.12.2012 19:42:45 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e.
 
Error - 30.12.2012 14:03:54 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 30.12.2012 14:08:03 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ezca.exe, Version 1.1.5.0, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3.
 
[ Application Events ]
Error - 19.12.2012 06:52:06 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 19.12.2012 06:52:13 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 20.12.2012 17:22:45 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pokertracker4.exe, Version 4.5.9.0, fehlgeschlagenes
 Modul pokertracker4.exe, Version 4.5.9.0, Fehleradresse 0x00280073.
 
Error - 23.12.2012 06:51:57 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e.
 
Error - 25.12.2012 04:41:52 | Computer Name = JULIA | Source = PostgreSQL | ID = 0
Description = pg_ctl: could not start service "pgsql-8.3": error code 1063 
 
Error - 27.12.2012 23:54:58 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e.
 
Error - 29.12.2012 04:20:46 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e.
 
Error - 29.12.2012 19:42:45 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung teatimer.exe, Version 1.6.6.32, fehlgeschlagenes
 Modul teatimer.exe, Version 1.6.6.32, Fehleradresse 0x0006e66e.
 
Error - 30.12.2012 14:03:54 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung postgres.exe, Version 8.3.0.831, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x000324cb.
 
Error - 30.12.2012 14:08:03 | Computer Name = JULIA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ezca.exe, Version 1.1.5.0, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3.
 
[ System Events ]
Error - 01.01.2013 06:21:10 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 01.01.2013 06:21:15 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 01.01.2013 06:21:17 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "HWDeviceService.exe" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 01.01.2013 09:09:11 | Computer Name = JULIA | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 62.178.222.171 für die Netzwerkkarte mit der Netzwerkadresse
 00E07DDE68F5 wurde durch  den DHCP-Server 195.34.134.99 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 01.01.2013 09:09:36 | Computer Name = JULIA | Source = awyeqe6i | ID = 262148
Description = 
 
Error - 01.01.2013 09:09:36 | Computer Name = JULIA | Source = awyeqe6i | ID = 262148
Description = 
 
Error - 01.01.2013 09:10:39 | Computer Name = JULIA | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Mobile
 Partner. OUC.
 
Error - 01.01.2013 09:10:39 | Computer Name = JULIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 01.01.2013 09:13:06 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "HWDeviceService.exe" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 01.01.2013 09:13:14 | Computer Name = JULIA | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
         
--- --- ---

Alt 02.01.2013, 15:05   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
Scan Mode: Current user
         
You forgot to tick the "Scan all users" checkbox! Please redo the log properly.
__________________
Please always post log files in CODE tags
