
Pests of all kinds and how to fight them: Bundespolizei virus Austria, no safe mode

Windows 7: If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

13.04.2013, 08:51   #1
FUNUR
 
Bundespolizei virus Austria, no safe mode



Hello


I have caught the Bundespolizei virus.

White screen, I can't do anything except pay 100 €.
Safe mode doesn't work; it restarts immediately.

Only the one with command prompt works.

I ran a scan with OTL.exe; here are the log files.


Quote:
OTL Extras logfile created on: 13.04.2013 09:40:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = h:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 7,27 Gb Available Physical Memory | 91,16% Memory free
16,93 Gb Paging File | 16,24 Gb Available in Paging File | 95,95% Paging File free
Paging file location(s): d:\pagefile.sys 0 0e:\pagefile.sys 1000 30000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 7,34 Gb Free Space | 13,15% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 137,03 Gb Free Space | 29,42% Space Free | Partition Type: NTFS
Drive E: | 148,95 Gb Total Space | 112,85 Gb Free Space | 75,76% Space Free | Partition Type: NTFS
Drive F: | 202,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 7,46 Gb Total Space | 7,46 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: FUNUR-PC | User Name: FUNUR | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38B5D5F2-A63E-427E-8B65-555C0B3ABCBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{659D24F8-9CCB-4693-B225-41AB7F257CDE}" = lport=137 | protocol=17 | dir=in | app=system |
"{69033D89-C823-4B01-822F-324A1835FD9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A8AAA61-6DC7-4260-9C4F-5C45EE81ECD4}" = rport=137 | protocol=17 | dir=out | app=system |
"{9691CB66-D62B-48A0-89BD-002C1B30DBD4}" = rport=138 | protocol=17 | dir=out | app=system |
"{96DF573A-73DE-45F2-B631-7816B46CA4E5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B43DE994-CB0F-49B2-BFEC-CD780D63069A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8182C0C-3E37-4379-861E-43AC201F80C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{CC3AD305-FAB2-4FDC-9E9F-31CD1E50DE80}" = lport=138 | protocol=17 | dir=in | app=system |
"{CFDB9E43-4A40-42CD-A4EC-1FE5EBF066D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{D1F8A7B3-697F-4581-B05D-8C66C82F02AB}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE7B933D-D153-4103-961B-2042220C8583}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0152C3A4-8697-42EF-8188-34EF33A2618C}" = protocol=58 | dir=in | app=system |
"{01AF0FC2-0231-4DFE-94E1-CB7D3E226A2A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{03ECE5CB-0276-4722-90DC-8187C3CE901B}" = protocol=17 | dir=in | app=e:\program files (x86)\guild wars 2\gw2.exe |
"{04BDC2BD-C70C-4BBE-9888-188DA4F1062A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{0580DFA8-7C00-4214-AA2A-AD1D50D911EA}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{0600F10E-D467-436A-8E56-1FEEFD2CCEC3}" = protocol=17 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{07546486-208A-49A1-9176-486E71A3F262}" = protocol=6 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{0B01B837-0659-4B67-A2CF-8203C9F72DF9}" = protocol=17 | dir=in | app=e:\star wars-the old republic\launcher.exe |
"{0E2C3517-4392-4B9B-AA03-A42DD0A9C9FB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{11EF34A2-E4AD-404D-9CE2-B59DDF35B0C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{158D7CA2-C152-4EE4-AD82-3F74D40B8242}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{17C98148-4E0C-45D8-A0F6-5C4D37DED572}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\swtor\retailclient\swtor.exe |
"{1A032815-9C57-4A5C-B0F7-EF21EE469449}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{1CDFD587-5C1B-49F0-93AB-EBFE1FADD967}" = dir=in | app=e:\users\funur\documents\the war z\warz.exe |
"{2476E2DA-23A6-4275-8D4D-5403C0CD54B3}" = protocol=17 | dir=in | app=d:\games\battlefield 3\bf3.exe |
"{2885F3A8-EDA2-4A6D-BE73-C6AB2ACDA7C4}" = protocol=6 | dir=in | app=d:\program files\bohemia interactive\arma 2\arma2oa.exe |
"{28D244DB-433A-4EAA-A250-0EE71240809C}" = protocol=17 | dir=in | app=d:\program files\bohemia interactive\arma 2\arma2.exe |
"{28E3F91A-FF58-4105-AE2C-BB0802CBD212}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{2913B22C-3F59-49D6-814F-FEFACCD17A0F}" = protocol=6 | dir=in | app=c:\users\funur\appdata\roaming\dropbox\bin\dropbox.exe |
"{29C46C20-1C5D-4A2C-B254-1C78B17D35E4}" = protocol=6 | dir=in | app=d:\program files\bohemia interactive\arma 2\arma2.exe |
"{2C7FDC2E-320E-4C05-A417-800066967D9A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C978298-90C2-4C98-8B1A-C79403E5CB00}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{31073FFB-361A-47DB-94FF-79AEF2CDB80D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3AF2ECDF-651F-419B-9F73-A65CBF26F618}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{3D6198EA-68E7-4430-BCFC-13602C1D78B0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3DF5E087-3343-41C9-AE7A-E7C5D5324488}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{3F63BEB9-384C-4D3F-BAA0-0434E3CAE3FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4164E06F-D67B-462A-ABD3-1BA905B67786}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{41DCD882-0D20-4D5D-BD15-4CE2003AB507}" = protocol=17 | dir=in | app=e:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{433AFE18-FD21-464E-8473-DEB68C28CEC0}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{43B8BD6D-62C3-4B04-BFD5-6BF02EAD7E40}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{43EF3999-3D8B-483E-8B35-69D6D98C21BF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{49FBB596-9DF8-4E66-89CE-2E1E2B3EA088}" = protocol=17 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe |
"{4B9DB8AC-06CA-4FD4-907E-8CB68854AD68}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4C1655E9-AF8F-4384-B41E-AF7B13508FAA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4C354744-789E-415A-982C-2684BF844167}" = protocol=6 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{4E90EF95-2BF8-4861-8178-F549ECE54378}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5118E9B6-07DC-4CB2-ADA3-DCAA86F4C19D}" = protocol=17 | dir=in | app=d:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{558F8C54-5FB2-4806-97B4-37C791BB32F8}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\swtor\retailclient\swtor.exe |
"{5FF2F7D9-E04B-4B28-BB96-8EAF998BC50C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{613F4EC0-ED92-4A61-A159-86FAE6BA8442}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{632ED29B-8E3C-4E1F-AB67-616D94070A98}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\swtor\retailclient\swtor.exe |
"{63BEB76B-5EF0-4947-9AEA-309F94A57AE4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{6F59BA03-7989-471F-B53E-14763DD08301}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{72DCD993-81B1-4D68-9232-81F841E26600}" = protocol=17 | dir=in | app=e:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"{766454C0-CB65-4564-B5F7-A58DC2780469}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A11AE12-FBC3-4FDA-A980-D21BBBD5CF8B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7CE8A824-081C-4AD7-B08A-F33B0ABA0EDA}" = protocol=6 | dir=in | app=e:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"{8561811C-5984-42CD-8041-6D2F902D3A75}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8685E9E5-63B0-4B7C-9F4F-09707DB84F09}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{875A4DD4-D482-4916-9047-450F3BC0326E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{90EF19C1-8C3A-4616-B352-F689B7198573}" = protocol=6 | dir=in | app=e:\star wars-the old republic\launcher.exe |
"{92E7C1C5-7647-4D06-97CC-71959D870194}" = protocol=6 | dir=in | app=e:\star wars-the old republic\swtor\retailclient\swtor.exe |
"{945EC67B-0991-407A-BBC5-5E386B8626F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9617BDA5-3BAD-4C44-9304-1E11593253AA}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{9C5C7841-04A9-413F-9C6D-CAAA4180999B}" = protocol=17 | dir=in | app=c:\users\funur\appdata\roaming\dropbox\bin\dropbox.exe |
"{A0144967-C86A-4E70-B084-164EC619487A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{A0E2C2BC-C887-40DA-ACC2-B0B2976209A4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A322E6FC-4F83-43A5-B792-1D6E9DA03091}" = protocol=17 | dir=in | app=d:\program files\bohemia interactive\arma 2\arma2oa.exe |
"{A448ECE6-A2BC-4668-A7F0-D0C75787485B}" = protocol=6 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe |
"{AAA76A46-E6CD-49D9-8974-89AB1385398E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{AB4F3B46-938D-41B3-949F-7B3FB792F391}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\swtor\retailclient\swtor.exe |
"{B0ABA6DD-C9C0-4E4B-9028-4038F7C94454}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B49FE07A-30C4-4658-AAD1-69AC822A8335}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{BC8B6C7A-3E4E-4E38-AAB7-E096F2A36DFD}" = protocol=6 | dir=in | app=e:\program files (x86)\guild wars 2\gw2.exe |
"{BCEFB81E-5208-48E0-9581-4F8C6373042D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C24F3872-7750-4F33-BE58-E976382C0406}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C622331D-EAD6-4A7B-A017-0DCC5BD88A73}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{CCD267F3-C94D-4013-BFB3-2DEFA4C31894}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEC1D03D-773B-4AA3-ABC9-897F89A11A0E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CEE40062-4A35-4D42-A664-1E1980090E28}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D863180A-E52C-4672-A660-70876FB3A641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D92886A6-DB7F-4F08-9FE0-89C737BD6821}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{DACAD980-9CF6-4E89-BB6B-AF6443AD8CF4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{DCF62788-ACD8-4DAF-A3CB-5D5C7E629920}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{E122339E-5828-4B13-A9A7-6253B2DAB374}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{E85010D2-E3C5-43C5-A70E-C8D6E37083F5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{EF3A83D2-DB90-4994-8312-FA595FB1A3D5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F1D56CF0-E4A9-4086-97B4-8BA2B2F2B4D5}" = protocol=6 | dir=in | app=d:\games\battlefield 3\bf3.exe |
"{F254F94E-8486-4AE5-9780-31736E263869}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{F458A749-86DB-4376-8E08-339521265792}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{F9BE2474-9502-4D2C-9A74-1F64F526F62E}" = protocol=6 | dir=in | app=d:\leistung&diagnose tools\ai suite ii\asus mobilink\iphone simulator\pnsvc.exe |
"{FA2D83C1-A428-494F-804A-7BC679CD29E6}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"TCP Query User{3849AAC7-89A7-453D-93F5-12D16633FD90}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5A25143A-7EA2-4975-AF3B-429739357426}D:\program files\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\bin\javaw.exe |
"TCP Query User{96BFD5DB-ACF4-4CC4-A2FF-85BD78449E70}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9EFB3D9C-F078-4224-87B3-CAFACD3FF667}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{A091A0B5-528B-412B-9C1A-49B4A6AEB9D0}D:\program files (x86)\dreamstream-e2\dreamstream.exe" = protocol=6 | dir=in | app=d:\program files (x86)\dreamstream-e2\dreamstream.exe |
"TCP Query User{AAA4AB77-55EC-4453-BF61-B7CB336EB130}E:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe" = protocol=6 | dir=in | app=e:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe |
"TCP Query User{D3A7459B-4EA9-481D-B600-8EBE6CACBD4C}E:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=e:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{EC35945C-9EC0-4A5C-B2DF-9D75264450D1}E:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=e:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{F7D78407-8E1C-4662-9882-CD847415E88A}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{21DF033A-2050-4B90-BB6A-3E4E1272A54E}E:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe" = protocol=17 | dir=in | app=e:\users\public\sony online entertainment\installed games\planetside 2 beta\planetside2.exe |
"UDP Query User{29767659-5855-4F64-AA7D-4577FD9A6BF2}D:\program files\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\bin\javaw.exe |
"UDP Query User{3EFEEDA8-1098-4C39-B893-0FA4E8E555E8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6EBFA1C9-EAD7-4BF5-90F4-05A0595FF8CA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{7F7910FE-4E1A-4623-BC55-724128976C1A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{803721A8-9E28-4011-8526-7C6FDB283289}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{83E94461-AF3D-4479-9A9F-710E2D7EAFA7}E:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=e:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{9EE7D471-97C4-4677-8546-8B6B7E33F9EC}D:\program files (x86)\dreamstream-e2\dreamstream.exe" = protocol=17 | dir=in | app=d:\program files (x86)\dreamstream-e2\dreamstream.exe |
"UDP Query User{BA0989B9-8B67-4B2B-AE6F-472A0588DF0F}E:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\guild wars 2\gw2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{127B5371-1802-4EDD-A25A-A43BF761D383}" = PBO Manager v.1.4 beta
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B408139D-04D6-4464-A979-D335E48F7063}" = NaturalPoint USB Drivers x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"IvAi_is1" = IvAi v1.0.0 b150
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0214578F-4888-43FB-9E34-C14FCFDEDDEB}" = Razer Nostromo
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07CC448E-4FFC-444F-999D-10F11AE559FB}" = aerosoft's - Mallorca X for FSX
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1AF39B3E-954C-4ADB-BD31-D29F653D4B22}" = PMDG744XF_GE_BRF
"{1D67FB28-58DA-4425-B426-99E894468197}" = PMDG744X_PW_IB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}" = PMDG744X_GE_LH
"{20708FD5-E94D-4097-A21E-E28564CDBC06}" = PMDG 737 8900 NGX
"{20B3074F-F200-4A50-9231-6FE3E0CF3F05}" = PMDG744XF_GE_EKF
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A9A269C-1C36-493C-96D8-60B23FAB2E10}" = FSC
"{2f2e6053-043c-4d69-94d0-4d42304ea4ee}" = TrackIR 5
"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X
"{31C2BE56-FC30-4EC8-9E53-509252008243}" = PMDG744XF_GE_AFF
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{40F75775-0940-4F2D-B43F-2BB37E51F13A}" = PMDG744X_GE_SV
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4D5308D2-6B0A-4BB0-809F-AE1000028101}" = Microsoft Flight
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{520C2FC2-F39B-4B95-BDA9-3FB6BCA135BF}" = PMDG744XF_GE_XHF
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6E19AEFD-7F83-4563-A7B5-F61CABF02400}" = DayZ Commander
"{70D78DCD-8369-4857-BFEF-021C9899DA75}" = PMDG744X_GE_AF
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8233F99B-C4C2-44E9-8486-374E9B300BF2}" = aerosoft's - Mega Airport Madrid Barajas
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A3D1E45-8D8C-4FC6-A769-DF1232776190}" = PMDG744X_GE_AC
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{96E1C9EE-5109-41FA-B412-E3358626051D}" = PMDG744X_PW_NW3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C979BC5-0B86-47A1-B6C1-6057297DB61C}" = PMDG744X_RR_BA
"{9EF4E550-0D15-4047-AABF-ACD47CC3623B}" = PMDG744XF_GE_KLF
"{A1D97ADB-EFF4-4F31-B286-873F06AC6496}" = PMDG744X_GE_NH
"{ABD462F9-7436-4086-A65B-AC6360ED45FC}" = PMDG744XF_RR_CXF
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAEE0C24-C8C2-4820-9DF4-887909F1A286}" = aerosoft's - Mega Airport Frankfurt X
"{BF05DD52-4D84-474D-A7ED-F1DCAAE39E82}" = PMDG744XF_RR_CVF3
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}" = PMDG_MD11_FSX
"{D4CF23EE-B0B6-4E5F-A335-8E63F8AFAC98}" = PMDG744X_GE_KL
"{D86B0FD3-5506-4230-97E1-77303E3AC063}_is1" = Active Sky 2012
"{DBDF2E37-701F-416F-92F6-1A239C666AA3}" = Real Environment Xtreme Essential
"{E110F951-FDE7-46AF-A469-C234666E98EF}" = PMDG744XF_GE_VC25A
"{E45EC4EA-CE0C-4F1C-9DA4-908A5860CDBA}" = PMDG744XF_GE_5XF
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}" = PMDG744X_PW_UA3
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}" = PMDG 747-400/400F for FSX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F77ABA68-8AC4-497E-9FFA-9CA4506B78FC}" = PMDG744XF_PW_FXF
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9217D1C-DF96-4C23-8B43-EC60B9C40CB1}" = Navigraph nDAC 3
"{F941AABE-E868-42D9-9F38-884250F7898A}" = aerosoft's - FlightSim Commander 9
"{FB647DBE-2231-405D-AC36-C73246CBE305}" = PMDG BAe JS4100
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"767CAPTAIN" = 767 Captain (767-300 Base Pack)
"845CCCCA-B77C-43EA-9A43-62DACEA4F902" = DreamStream E2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArmA 2" = ArmA 2 Uninstall
"Arma 2 Army of The Czech Republic (LITE)" = Arma 2 Army of The Czech Republic (LITE) Uninstall
"Arma 2 British Armed Forces" = Arma 2 British Armed Forces Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Arma 2 Private Military Company" = Arma 2 Private Military Company Uninstall
"ASIO4ALL" = ASIO4ALL
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"BitTorrent" = BitTorrent
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.5.3
"Flight Environment X" = Flight Environment X
"FS Global 2010" = FS Global 2010
"FSBuild 2" = FSBuild 2
"Ground Environment X Europe" = Ground Environment X Europe
"Guild Wars 2" = Guild Wars 2
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"IvAc_is1" = IvAc v1.2.4 (b225)
"IvAe_is1" = The Eye v1.0.8 (b367)
"IvAp-v2_is1" = IvAp v2.0.2 (build 2773)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MPE" = MyPhoneExplorer
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"PrecisionX" = EVGA Precision X 3.0.2
"QuteScoop 2.0rc21" = QuteScoop
"Steam App 107410" = Arma 3 Alpha
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 65800" = Dungeon Defenders
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"x772" = 777 Captain (777-200) 0.500

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aerosoft Mega Airport Munich v 1.00 for FSX" = Aerosoft Mega Airport Munich v 1.00 for FSX
"Dropbox" = Dropbox
"E-Jets v2 World Airliners 1 (v1.0b021)" = E-Jets v2 World Airliners 1 (v1.0b021)
"E-Jets v2 World Airliners 2 (v1.1b024)" = E-Jets v2 World Airliners 2 (v1.1b024)
"FeelThere E-Jets v.2" = FeelThere E-Jets v.2
"Ground Environment X USA-Canada" = Ground Environment X USA-Canada
"MyFreeCodec" = MyFreeCodec
"SOE-C:/Users/FUNUR/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-E:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"SOE-E:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 Beta" = gamelauncher-code4344-beta
"soe-PlanetSide 2" = PlanetSide 2
"Ultimate Terrain X - Europe" = Ultimate Terrain X - Europe

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.04.2013 08:45:42 | Computer Name = FUNUR-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10.04.2013 09:42:17 | Computer Name = FUNUR-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10.04.2013 12:01:56 | Computer Name = FUNUR-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\leistung&diagnose
tools\ai suite ii\asus mobilink\simulator\killproc.exe". Die abhängige Assemblierung
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 10.04.2013 12:39:41 | Computer Name = FUNUR-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10.04.2013 13:44:43 | Computer Name = FUNUR-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 11.04.2013 11:21:40 | Computer Name = FUNUR-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 11.04.2013 12:38:56 | Computer Name = FUNUR-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\leistung&diagnose
tools\ai suite ii\asus mobilink\simulator\killproc.exe". Die abhängige Assemblierung
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 12.04.2013 07:39:25 | Computer Name = FUNUR-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\leistung&diagnose
tools\ai suite ii\asus mobilink\simulator\killproc.exe". Die abhängige Assemblierung
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 12.04.2013 08:23:10 | Computer Name = FUNUR-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 12.04.2013 12:27:59 | Computer Name = FUNUR-PC | Source = Application Hang | ID = 1002
Description = Programm fsx.exe, Version 10.0.61472.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1cb4 Startzeit:
01ce379a7455b14f Endzeit: 20 Anwendungspfad: D:\Program Files (x86)\Microsoft Games\Microsoft
Flight Simulator X\fsx.exe Berichts-ID: ede95744-a38d-11e2-8a47-5404a6699117

[ System Events ]
Error - 13.04.2013 03:26:37 | Computer Name = FUNUR-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 13.04.2013 03:26:37 | Computer Name = FUNUR-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 13.04.2013 03:26:37 | Computer Name = FUNUR-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 13.04.2013 03:26:37 | Computer Name = FUNUR-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31

Error - 13.04.2013 03:26:37 | Computer Name = FUNUR-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 13.04.2013 03:26:37 | Computer Name = FUNUR-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 13.04.2013 03:26:37 | Computer Name = FUNUR-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AsIO AsUpIO DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

Error - 13.04.2013 03:28:37 | Computer Name = FUNUR-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 13.04.2013 03:38:40 | Computer Name = FUNUR-PC | Source = DCOM | ID = 10005
Description =

Error - 13.04.2013 03:39:25 | Computer Name = FUNUR-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst
"DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >


Quote:
OTL logfile created on: 13.04.2013 09:40:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = h:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 7,27 Gb Available Physical Memory | 91,16% Memory free
16,93 Gb Paging File | 16,24 Gb Available in Paging File | 95,95% Paging File free
Paging file location(s): d:\pagefile.sys 0 0e:\pagefile.sys 1000 30000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 7,34 Gb Free Space | 13,15% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 137,03 Gb Free Space | 29,42% Space Free | Partition Type: NTFS
Drive E: | 148,95 Gb Total Space | 112,85 Gb Free Space | 75,76% Space Free | Partition Type: NTFS
Drive F: | 202,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 7,46 Gb Total Space | 7,46 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

Computer Name: FUNUR-PC | User Name: FUNUR | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.13 09:29:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- h:\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013.03.27 21:06:23 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.03.17 12:29:42 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.20 19:13:35 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.10.06 12:07:00 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.22 17:12:00 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.04.30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.01.10 15:48:32 | 000,231,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2011.01.10 15:47:54 | 000,109,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Home Server\esClient.exe -- (esClient)
SRV - [2011.01.10 15:47:42 | 000,489,840 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010.10.27 17:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.08 16:16:20 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.19 11:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 23:09:10 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:64bit: - [2012.05.03 12:33:28 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2012.05.03 12:33:28 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.16 13:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.01.10 15:16:57 | 000,216,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2012.01.10 15:16:57 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.01.10 15:16:57 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2011.07.14 18:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011.04.26 12:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.24 15:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzjoystk.sys -- (rzjoystk)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 11:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 11:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.08 15:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010.10.27 16:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 16:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 16:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 16:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 16:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 12:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.10.29 13:09:26 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=AT&userid=1f57d2d1-7b8b-44cf-b11d-81308e5ddb63&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=AT&userid=1f57d2d1-7b8b-44cf-b11d-81308e5ddb63&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=AT&userid=1f57d2d1-7b8b-44cf-b11d-81308e5ddb63&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.at/ [binary data]
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=AT&userid=1f57d2d1-7b8b-44cf-b11d-81308e5ddb63&searchtype=hp&installDate={installDate}
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 44 E2 72 28 09 CD 01 [binary data]
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=AT&userid=1f57d2d1-7b8b-44cf-b11d-81308e5ddb63&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=AT&userid=1f57d2d1-7b8b-44cf-b11d-81308e5ddb63&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=AT&userid=1f57d2d1-7b8b-44cf-b11d-81308e5ddb63&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3159596304-311636187-174254376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: D:\Program Files\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found


[2013.03.23 19:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FUNUR\AppData\Roaming\mozilla\Extensions
[2012.05.21 16:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FUNUR\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.03.23 19:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FUNUR\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org

========== Chrome ==========

CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AT&userid=1f57d2d1-7b8b-44cf-b11d-81308e5ddb63&searchtype=hp&installDate=01/01/1970
CHR - Extension: No name found = C:\Users\FUNUR\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\

O1 HOSTS File: ([2012.07.10 19:57:58 | 000,000,895 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 113.105.152.25 www.precisionmanuals.com
O1 - Hosts: 127.0.0.1 serials.wilcopub.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] D:\Leistung&Diagnose Tools\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3159596304-311636187-174254376-1000..\Run: [] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3159596304-311636187-174254376-1000..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3159596304-311636187-174254376-1000..\Run: [KiesAirMessage] D:\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-3159596304-311636187-174254376-1000..\Run: [KiesPreload] D:\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3159596304-311636187-174254376-1000..\Run: [NaturalPoint] E:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe (NaturalPoint, Inc.)
O4 - HKU\S-1-5-21-3159596304-311636187-174254376-1000..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3159596304-311636187-174254376-1000..\Run: [TomTomHOME.exe] "D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\FUNUR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\FUNUR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\FUNUR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\FUNUR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3159596304-311636187-174254376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3159596304-311636187-174254376-1000\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3159596304-311636187-174254376-1000\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3159596304-311636187-174254376-1000\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3159596304-311636187-174254376-1000\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3159596304-311636187-174254376-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3159596304-311636187-174254376-1000 Winlogon: Shell - (C:\Users\FUNUR\AppData\Roaming\skype.dat) - C:\Users\FUNUR\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.11 14:09:10 | 000,184,320 | R--- | M] () - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2001.09.10 11:36:38 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{4c745995-26ae-11e1-8719-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c745995-26ae-11e1-8719-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{74c9118e-bc5d-11e1-bafb-5404a6699117}\Shell - "" = AutoRun
O33 - MountPoints2\{74c9118e-bc5d-11e1-bafb-5404a6699117}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{917cfb1a-3b8d-11e1-bfd4-5404a6699117}\Shell - "" = AutoRun
O33 - MountPoints2\{917cfb1a-3b8d-11e1-bfd4-5404a6699117}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{a6587cd1-2741-11e1-b582-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a6587cd1-2741-11e1-b582-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.01.11 14:09:10 | 000,184,320 | R--- | M] ()
O33 - MountPoints2\{b7628024-98d4-11e1-88b0-5404a6699117}\Shell - "" = AutoRun
O33 - MountPoints2\{b7628024-98d4-11e1-88b0-5404a6699117}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.10 19:55:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 19:55:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 19:55:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 19:55:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 19:55:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 19:55:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 19:55:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 19:55:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 19:55:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 19:55:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 19:55:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 19:55:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 19:55:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 19:55:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 19:55:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 14:50:05 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 14:50:05 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 14:50:05 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 14:50:05 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 14:50:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 14:50:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 14:50:03 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 14:50:03 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 14:50:03 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 14:50:02 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 14:50:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 14:50:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 14:09:59 | 000,000,000 | R--D | C] -- C:\Users\FUNUR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.03.27 17:21:56 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.23 19:38:31 | 000,000,000 | ---D | C] -- C:\Users\FUNUR\AppData\Local\Prism
[2013.03.23 19:37:54 | 000,000,000 | ---D | C] -- C:\Users\FUNUR\AppData\Roaming\prism
[2013.03.23 19:37:41 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.03.21 19:09:20 | 000,000,000 | ---D | C] -- C:\Users\FUNUR\AppData\Local\Programs
[2013.03.21 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NaturalPoint
[2013.03.21 18:28:41 | 000,000,000 | ---D | C] -- C:\Users\FUNUR\Desktop\PMDG_1303
[2013.03.16 20:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.16 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.16 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.13 09:39:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.13 09:39:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.13 09:39:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.13 09:39:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.13 09:39:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.13 09:26:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.13 09:26:36 | 2129,195,007 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 09:23:38 | 000,000,004 | ---- | M] () -- C:\Users\FUNUR\AppData\Roaming\skype.ini
[2013.04.13 09:22:26 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.04.12 19:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.12 15:58:03 | 000,012,854 | ---- | M] () -- C:\Users\FUNUR\Desktop\journal-details_2013-04-12_15-58-04.pdf
[2013.04.12 15:57:53 | 000,012,822 | ---- | M] () -- C:\Users\FUNUR\Desktop\journal-details_2013-04-12_15-57-53.pdf
[2013.04.12 13:54:11 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.12 13:54:11 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.12 13:53:46 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.12 13:26:27 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 13:26:27 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 17:12:32 | 000,000,731 | ---- | M] () -- C:\Users\FUNUR\Desktop\IvAi - IVAO Interface.lnk
[2013.04.11 16:45:00 | 000,283,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 17:08:40 | 000,000,761 | ---- | M] () -- C:\Users\FUNUR\Desktop\IvAc - IVAO Virtual ATC Client.lnk
[2013.04.04 17:43:36 | 000,001,049 | ---- | M] () -- C:\Users\FUNUR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.31 21:48:46 | 000,002,000 | -H-- | M] () -- C:\Users\FUNUR\Documents\Default.rdp
[2013.03.27 21:06:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.25 20:11:24 | 004,033,305 | ---- | M] () -- C:\Users\FUNUR\Desktop\swiss lips.mp3
[2013.03.21 19:08:27 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\TrackIR v5.lnk
[2013.03.21 18:42:39 | 000,000,801 | ---- | M] () -- C:\Users\FUNUR\Desktop\Teamspeak 2 RC2.lnk
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.03.17 12:29:42 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.17 12:29:42 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.12 15:58:02 | 000,012,854 | ---- | C] () -- C:\Users\FUNUR\Desktop\journal-details_2013-04-12_15-58-04.pdf
[2013.04.12 15:57:53 | 000,012,822 | ---- | C] () -- C:\Users\FUNUR\Desktop\journal-details_2013-04-12_15-57-53.pdf
[2013.04.12 15:29:03 | 000,000,004 | ---- | C] () -- C:\Users\FUNUR\AppData\Roaming\skype.ini
[2013.04.11 17:12:32 | 000,000,731 | ---- | C] () -- C:\Users\FUNUR\Desktop\IvAi - IVAO Interface.lnk
[2013.04.10 17:08:40 | 000,000,761 | ---- | C] () -- C:\Users\FUNUR\Desktop\IvAc - IVAO Virtual ATC Client.lnk
[2013.03.27 21:02:15 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.27 21:02:15 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.27 21:01:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.25 20:11:18 | 004,033,305 | ---- | C] () -- C:\Users\FUNUR\Desktop\swiss lips.mp3
[2013.03.21 19:08:27 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\TrackIR v5.lnk
[2012.11.09 16:04:42 | 000,224,644 | ---- | C] () -- C:\ProgramData\1352469743.bdinstall.bin
[2012.11.09 15:47:47 | 000,663,823 | ---- | C] () -- C:\ProgramData\1352468543.bdinstall.bin
[2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.08.28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.08.28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.08.28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.29 20:11:03 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\DBCDBF32.DLL
[2012.05.29 20:11:03 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\dbcmdb32.dll
[2012.05.29 20:11:03 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\dbcjpg32.dll
[2012.05.29 20:11:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\DBCMEM32.DLL
[2012.05.29 20:11:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dbcgeo32.dll
[2012.05.24 19:04:51 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\zlib1i.dll
[2012.05.12 13:37:17 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\msilgv32.dll
[2012.05.08 09:41:21 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2012.01.11 10:15:50 | 000,066,048 | ---- | C] () -- C:\Users\FUNUR\AppData\Roaming\skype.dat
[2012.01.10 19:08:42 | 000,095,636 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.12.15 19:20:02 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2011.12.15 19:17:22 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.15 19:17:19 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.15 19:06:44 | 000,039,968 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.12.15 19:05:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.15 19:05:41 | 000,027,873 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Please help

13.04.2013, 14:31   #2
aharonov
/// TB-Ausbilder

Hi,

Step 1 unlocks the computer so that you can carry out the remaining steps in normal mode again.


Step 1

First create the fix script on a second computer:
  • To do so, please press the Windows key + R, type "notepad" into the Run window and press OK.
  • Now copy the following text from the code box into the empty text document:
    (Important: If you made your user name unrecognizable in the log (e.g. with ***), then undo that here.)
    Code:
    :OTL
    O20 - HKU\S-1-5-21-3159596304-311636187-174254376-1000 Winlogon: Shell - (C:\Users\FUNUR\AppData\Roaming\skype.dat) - C:\Users\FUNUR\AppData\Roaming\skype.dat ()
    [2013.04.13 09:23:38 | 000,000,004 | ---- | M] () -- C:\Users\FUNUR\AppData\Roaming\skype.ini
    
    :commands
    [emptytemp]
             
  • Then save the file as fix.txt on the USB stick where OTL.exe is located.
Then run the fix as follows:
  • Plug the USB stick back into the infected computer and start it in safe mode with command prompt.
  • Now please enter the following command at the command line and press Enter:
    e:\OTL.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your system, adjust the command accordingly.
    The OTL window should now open.
  • Click the Fix button.
  • Then press OK to load the fix from a file.
  • Select the fix.txt you created on the USB stick. Its contents are inserted into the text box.
  • Now click the Fix button again.
  • OTL may request a restart. Please allow it.
  • After a restart, try to boot into normal mode again.
  • A log file (\_OTL\MovedFiles\<time_date>.txt) should have been created in the _OTL folder on your USB stick.
  • Now copy its contents here into your thread.



Step 2

Please download defogger (by jpshortstuff) to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button.
  • Confirm the security prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • If Defogger asks for a restart, confirm with OK.
  • Defogger creates a log file named defogger_disable.txt on the desktop.
  • Post its contents with your next reply only if problems occurred.
Do not click the Re-enable button unless instructed!



Step 3

Download Gmer (press the Download EXE button) and save the program to the desktop.
  • Disable all antivirus programs and malware/spyware scanners.
  • Disconnect all existing connections to a network/the Internet (don't forget Wi-Fi).
  • Please close all other programs.
  • Start gmer.exe (the file has a random file name).
    Vista and Win7 users: right-click and choose "Run as administrator".
  • If a window opens with the following warning
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    then be sure to click No.
  • On the right, untick:
    • IAT/EAT
    • Show all
  • On the right, tick your system partition (normally C:\).
  • Start the scan by clicking Scan.
  • Do nothing at all on the computer while the scan is running!
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop.
  • Then close GMER and restart the computer immediately.
  • Please paste the contents of the log file here into your thread.
Turn your antivirus program and other scanners back on before you go online.



Step 4

Move OTL.exe to the desktop and start it.
  • Tick Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Fix log from OTL
  • Log from Gmer
  • Log from OTL

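Why the fix script in the post above singles out one O20 line, shown as an added example that is not part of the original post and not OTL's own code: the sketch parses the O20 (Winlogon) entries of an OTL log, flags any Shell value that deviates from the stock explorer.exe, and looks the flagged file up in the log's file lists. The sample lines are copied from the log in this thread; the function names, the regular expressions and the wording of the reasons are assumptions made for this illustration.

```python
import ntpath
import re

# Lines copied from the OTL log posted in this thread (O20 entries and file lists).
SAMPLE_LOG = r"""
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3159596304-311636187-174254376-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3159596304-311636187-174254376-1000 Winlogon: Shell - (C:\Users\FUNUR\AppData\Roaming\skype.dat) - C:\Users\FUNUR\AppData\Roaming\skype.dat ()
[2013.04.13 09:23:38 | 000,000,004 | ---- | M] () -- C:\Users\FUNUR\AppData\Roaming\skype.ini
[2012.01.11 10:15:50 | 000,066,048 | ---- | C] () -- C:\Users\FUNUR\AppData\Roaming\skype.dat
"""

# O20[:64bit:] - <hive> Winlogon: <value> - (<registry data>) - <resolved file> (<company>)
O20_RE = re.compile(
    r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: (?P<value>\w+) - "
    r"\((?P<data>.*?)\) - (?P<path>.*) \((?P<company>[^()]*)\)$"
)
# [<timestamp> | <size> | <attributes> | C or M] (<company>) -- <path>
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| \S{4} \| (?P<kind>[CM])\] "
    r"\((?P<company>[^()]*)\) -- (?P<path>.+)$"
)


def parse_winlogon(log):
    """Return every O20 Winlogon entry in the log as a dict of its fields."""
    matches = (O20_RE.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]


def file_records(log):
    """Map lower-cased path -> [(C|M, timestamp, size in bytes)] from the file lists."""
    records = {}
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            size = int(m["size"].replace(",", ""))
            records.setdefault(m["path"].lower(), []).append((m["kind"], m["stamp"], size))
    return records


def shell_findings(log):
    """Flag Winlogon Shell values that deviate from the stock explorer.exe shell."""
    files = file_records(log)
    findings = []
    for entry in parse_winlogon(log):
        if entry["value"].lower() != "shell":
            continue  # UserInit, VMApplet etc. are outside this check
        target = entry["path"].strip('"')
        reasons = []
        if ntpath.basename(target).lower() != "explorer.exe":
            reasons.append("shell is not explorer.exe")
        if not entry["company"].strip():
            reasons.append("no company name")
        if "\\appdata\\" in target.lower():
            reasons.append("user-writable profile path")
        if ntpath.splitext(target)[1].lower() != ".exe":
            reasons.append("non-.exe extension")
        if not reasons:
            continue
        if entry["hive"].upper().startswith("HKU\\"):
            reasons.append("per-user override")
        findings.append({
            "hive": entry["hive"],
            "path": target,
            "reasons": reasons,
            "file_records": files.get(target.lower(), []),
        })
    return findings


if __name__ == "__main__":
    for finding in shell_findings(SAMPLE_LOG):
        print(finding["hive"], "->", finding["path"])
        print("  reasons:", ", ".join(finding["reasons"]))
        print("  file list entries:", finding["file_records"])
```

Of the four Shell entries in the sample, only the per-user value pointing at skype.dat is reported, which is the line the fix script removes.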

17.04.2013, 21:46   #3
aharonov
/// TB-Ausbilder

Hi,

I haven't received a reply from you for quite a while. Do you still need help?

If I don't hear from you within the next 24 hours, I will assume that the topic has been resolved and remove it from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a renewed infection possible.

19.04.2013, 15:18   #4
aharonov
/// TB-Ausbilder

No response
This topic has been removed from my subscriptions. I will therefore no longer receive notifications about new replies.
Send me a PM if you want to continue the topic after all. Then we will carry on here.

Note: The disappearance of the symptoms does not mean that your computer is clean yet.

Everyone else, please read these instructions and create your own thread.
__________________
cheers,
Leo
