Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: appround.net Virus 2

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 16.04.2013, 16:37   #1
wazkov
 
appround.net Virus 2 - Standard

appround.net Virus 2



Moin,

mein Name ist Tim und ich habe dasselbe Problem wie Zauberhut hier schon geschildert hat, unter demselben Titel.

Die Lösung die mit ihm erarbeitet wurde scheint mir sehr individuell, deswegen würde ich gerne meine logs hier reinstellen unud hoffe jemand schaut da mal drüber und sagt mir was ich machen könnte. Mein technischen Kenntnisse sind sehr begrenzt bis nicht vorhanden und alles was ich im Netz über appround gelesen habe klang nicht gut und keine der Seiten, die Hilfe anboten schien mir seriös. (bis auf diese hier!)

Zum Problem: ein Pop-up mit der Adresse appround.net..... taucht nach ein paar Minuten als Tab auf und es ist entweder Werbung für PC-Beschleuniger, Video-Converter oder sowas.

Alles scheint mir viel langsamer zu sein und manche bekannte Seiten (Kicker, SZ, Zeit,..) brauchen richtig lange um aufzubauen.

Das Pop-up taucht in schöner Regelmäßigkeit beim Surfen immerwieder auf, insebsondere z.B. beim anklicken einzelner Artikel. Wie man es löschen kann weiß ich leider nicht und konnte ich mir auch nicht "ersurfen".

Habe alles so gemacht wie es hier erklärt wird (Defogger, OTL, gmer), wenn man ein neues Thema erstellt und stelle mal die Logs rein. Ich hoffe mir kann jemand helfen.

Vielen Dank,

Tim

Alt 17.04.2013, 13:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appround.net Virus 2 - Standard

appround.net Virus 2



Hallo und

Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum bitte eine Professional-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden?

Malwarebytes und/oder andere Virenscanner?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 18.04.2013, 17:14   #3
wazkov
 
appround.net Virus 2 - Standard

appround.net Virus 2



OTL.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.04.2013 19:29:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wazkov\Downloads\uploaded
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 54,73% Memory free
7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 35,14 Gb Free Space | 12,32% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Wazkov | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.15 10:30:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wazkov\Downloads\uploaded\OTL.exe
PRC - [2013.04.13 08:04:58 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.11 13:27:49 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Wazkov\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.10.26 20:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010.03.09 01:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010.03.05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2010.03.04 07:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.04 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.04 07:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.13 08:04:57 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.04.11 13:27:48 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2009.05.21 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.03.18 08:17:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.13 16:40:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 08:04:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.11.03 09:39:47 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.05 00:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.03.04 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 21:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.10.10 04:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.09 09:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.04.07 11:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.03.25 04:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 05:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.03.18 11:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.18 07:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.14 02:52:02 | 002,203,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.28 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.11.12 15:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.11.05 14:04:42 | 000,513,600 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF9035BDA)
DRV:64bit: - [2009.10.16 12:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007.05.14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.11.12 15:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27361110s0b6l0450z135f45l1b30n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=80fc57da-2040-11e1-ad80-00262da3fd87
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A886440A-0BF1-46DE-B710-2DDD2A783A54}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27361110s0b6l0450z135f45l1b30n
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=skyp&ocid=skydhp
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=80fc57da-2040-11e1-ad80-00262da3fd87&q={searchTerms}
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\SearchScopes\{A886440A-0BF1-46DE-B710-2DDD2A783A54}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE404
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\SearchScopes\{D4A6CCA0-764F-4C80-8DDD-E9C7B6B27959}: "URL" = hxxp://de.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110729,16987,0,8,0
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.sz.de"
FF - prefs.js..extensions.enabledAddons: coollrcs%40coolzone.co:1.110
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013.03.22 14:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:04:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 08:04:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\coollrcs@coolzone.co: C:\Program Files (x86)\CoolLyrics\FF\ [2013.04.13 16:48:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 08:04:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.13 08:04:51 | 000,000,000 | ---D | M]
 
[2010.11.03 11:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wazkov\AppData\Roaming\mozilla\Extensions
[2013.04.13 17:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wazkov\AppData\Roaming\mozilla\Firefox\Profiles\v80o94z6.default-1346864359568\extensions
[2013.04.13 16:46:14 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\Wazkov\AppData\Roaming\mozilla\Firefox\Profiles\v80o94z6.default-1346864359568\extensions\amo@dealplyshopping.com
[2013.04.13 08:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.13 08:04:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.13 16:48:01 | 000,000,000 | ---D | M] ("Cool Lyrics") -- C:\PROGRAM FILES (X86)\COOLLYRICS\FF
[2013.04.13 08:04:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.18 14:28:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 12:12:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 14:28:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 14:28:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.04 23:57:36 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.06.18 14:28:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 14:28:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Wazkov\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Cool Lyrics) - {7C5D7930-FACC-4A25-AE26-51DDA83F3D75} - C:\Program Files (x86)\CoolLyrics\coolrcs.dll (CoolZone)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Wazkov\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\S-1-5-21-609013171-3702366753-2972859162-1000\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Mobile Connection Manager] C:\Program Files (x86)\o2\Mobile Connection Manager\emmsn.exe (Telefónica I+D)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-609013171-3702366753-2972859162-1000..\Run: [Akamai NetSession Interface] C:\Users\Wazkov\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-609013171-3702366753-2972859162-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-609013171-3702366753-2972859162-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-609013171-3702366753-2972859162-1000..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
O4 - HKU\S-1-5-21-609013171-3702366753-2972859162-1000..\Run: [Spotify] "C:\Users\Wazkov\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
O4 - HKU\S-1-5-21-609013171-3702366753-2972859162-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Wazkov\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Wazkov\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C8845FF-D4C1-4E52-AF9B-6D0D3B308A00}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C92BA8F-1C87-4942-AA31-042EBC62A703}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.08 15:38:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{0062957e-a57b-11e0-8e5f-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{0062957e-a57b-11e0-8e5f-001e101f2b52}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{16528763-ca4b-11e0-9d29-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{16528763-ca4b-11e0-9d29-001e101fb4df}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4b681a9a-a272-11e0-aaed-00262da3fd87}\Shell - "" = AutoRun
O33 - MountPoints2\{4b681a9a-a272-11e0-aaed-00262da3fd87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d0f4c61b-a284-11e0-ab79-00262da3fd87}\Shell - "" = AutoRun
O33 - MountPoints2\{d0f4c61b-a284-11e0-ab79-00262da3fd87}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f81adc83-ee7c-11e0-a717-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{f81adc83-ee7c-11e0-a717-001e101f1838}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.13 17:01:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.13 16:48:29 | 000,000,000 | ---D | C] -- C:\Users\Wazkov\AppData\Roaming\0C1I1L1R1J0M1P0I1G
[2013.04.13 16:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoolLyrics
[2013.04.13 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\Wazkov\Qtrax
[2013.04.13 16:46:36 | 000,000,000 | ---D | C] -- C:\Users\Wazkov\AppData\Local\Downloaded Installations
[2013.04.13 16:46:13 | 000,000,000 | ---D | C] -- C:\Users\Wazkov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013.04.13 16:44:31 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.13 16:44:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.13 08:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 04:49:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.11 04:49:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.11 04:49:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 04:49:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 04:49:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.11 04:49:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.11 04:49:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.11 04:49:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.11 04:49:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.11 04:49:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.11 04:49:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 04:49:51 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 04:49:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 04:49:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 04:49:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 05:36:45 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 05:36:44 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 05:36:39 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 05:36:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 05:36:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 05:36:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 05:36:03 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 05:36:01 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 05:36:00 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 05:35:58 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 05:35:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 05:35:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.08 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013.04.08 15:57:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk
[2013.04.08 15:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DWG TrueView 2014
[2013.04.08 15:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2013.04.08 15:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2013.04.08 15:57:27 | 000,000,000 | ---D | C] -- C:\Users\Wazkov\AppData\Local\Autodesk
[2013.04.08 15:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013.04.08 15:43:13 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013.04.08 15:43:13 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013.04.08 15:43:13 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013.04.08 15:43:13 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013.04.08 15:43:12 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013.04.08 15:43:12 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013.04.08 15:43:12 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013.04.08 15:43:12 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2013.04.08 15:43:10 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2013.04.08 15:43:10 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013.04.08 15:43:08 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2013.04.08 15:43:08 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013.04.08 15:43:08 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013.04.08 15:43:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013.04.08 15:43:07 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2013.04.08 15:43:07 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013.04.08 15:41:13 | 000,000,000 | ---D | C] -- C:\Users\Wazkov\AppData\Roaming\Autodesk
[2013.04.08 15:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2013.04.08 15:34:29 | 000,000,000 | ---D | C] -- C:\Users\Wazkov\AppData\Local\Akamai
[2013.03.31 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\Wazkov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.31 14:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.23 14:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.21 19:00:49 | 000,000,000 | ---D | C] -- C:\Autodesk
[2013.03.21 18:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IGC
[2013.03.21 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer
[2013.03.19 21:34:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2012.01.20 17:12:34 | 024,043,023 | ---- | C] (Portable                                                    ) -- C:\Program Files\Virtual DJ v7.0 PRO Portable (Registred).exe
[2011.07.01 12:05:36 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\msvcp71.dll
[2011.07.01 12:05:36 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\msvcr71.dll
[2011.07.01 12:05:36 | 000,020,480 | ---- | C] (Exact Software Belgium) -- C:\ProgramData\ProAcc.ver
[2011.07.01 12:05:34 | 000,335,872 | ---- | C] (Solid Data) -- C:\ProgramData\OutcomeCompanies.dll
[2011.07.01 12:05:34 | 000,188,416 | ---- | C] (Solid Data NV) -- C:\ProgramData\ModelGen.exe
[2011.07.01 12:05:34 | 000,024,576 | ---- | C] (Solid Data) -- C:\ProgramData\SDCoreSystem.dll
[2011.07.01 11:35:10 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll
[2011.07.01 11:35:10 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2011.07.01 11:35:08 | 000,335,872 | ---- | C] (Solid Data) -- C:\Program Files\OutcomeCompanies.dll
[2011.07.01 11:35:08 | 000,024,576 | ---- | C] (Solid Data) -- C:\Program Files\SDCoreSystem.dll
[2011.07.01 11:35:07 | 000,188,416 | ---- | C] (Solid Data NV) -- C:\Program Files\ModelGen.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.15 19:27:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 19:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.15 19:10:47 | 000,000,000 | ---- | M] () -- C:\Users\Wazkov\defogger_reenable
[2013.04.15 18:40:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 16:54:52 | 000,023,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 16:54:52 | 000,023,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 16:47:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 16:47:42 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Cool Lyrics Update.job
[2013.04.15 14:05:14 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 10:40:21 | 001,650,980 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.15 10:40:21 | 000,711,114 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.15 10:40:21 | 000,664,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.15 10:40:21 | 000,154,174 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.15 10:40:21 | 000,126,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.13 16:46:41 | 000,000,000 | ---- | M] () -- C:\end
[2013.04.13 16:44:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.13 16:44:03 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.04.13 16:44:03 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.13 16:44:03 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.13 16:44:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.13 16:44:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.13 16:40:17 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.13 16:40:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 13:22:24 | 000,518,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.09 15:50:34 | 001,628,874 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.08 15:59:01 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\DWG TrueView 2014.lnk
[2013.03.31 14:31:33 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013.03.22 14:58:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.03.21 18:14:32 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\Free DWG Viewer.lnk
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
 
========== Files Created - No Company Name ==========
 
[2013.04.15 19:10:47 | 000,000,000 | ---- | C] () -- C:\Users\Wazkov\defogger_reenable
[2013.04.13 16:48:01 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\Cool Lyrics Update.job
[2013.04.13 16:46:26 | 000,000,000 | ---- | C] () -- C:\end
[2013.04.08 15:59:01 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\DWG TrueView 2014.lnk
[2013.03.22 14:58:24 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.22 14:58:23 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.21 18:14:32 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\Free DWG Viewer.lnk
[2012.11.18 11:02:31 | 000,007,680 | ---- | C] () -- C:\Users\Wazkov\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.20 11:22:28 | 000,038,499 | ---- | C] () -- C:\Users\Wazkov\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.02.20 11:22:24 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.14 21:05:39 | 000,000,222 | ---- | C] () -- C:\Windows\wininit.ini
[2011.07.18 14:00:26 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.07.02 20:26:01 | 000,017,408 | ---- | C] () -- C:\Users\Wazkov\AppData\Local\WebpageIcons.db
[2011.07.01 12:05:36 | 011,909,120 | ---- | C] () -- C:\ProgramData\ProAcc.lbr
[2011.07.01 12:05:36 | 000,911,360 | ---- | C] () -- C:\ProgramData\ProAcc2104.oif
[2011.07.01 12:05:36 | 000,911,360 | ---- | C] () -- C:\ProgramData\ProAcc2103.oif
[2011.07.01 12:05:36 | 000,030,720 | ---- | C] () -- C:\ProgramData\BeheerConstantenForf.lbr
[2011.07.01 12:05:35 | 000,911,360 | ---- | C] () -- C:\ProgramData\ProAcc2101.oif
[2011.07.01 12:05:35 | 000,890,880 | ---- | C] () -- C:\ProgramData\ProAcc2100.oif
[2011.07.01 12:05:34 | 046,213,120 | ---- | C] () -- C:\ProgramData\ForfRep.lbr
[2011.07.01 12:05:34 | 009,159,680 | ---- | C] () -- C:\ProgramData\Intrastat.oif
[2011.07.01 12:05:34 | 000,911,360 | ---- | C] () -- C:\ProgramData\ProAcc2102.oif
[2011.07.01 12:05:34 | 000,665,600 | ---- | C] () -- C:\ProgramData\EDIVAT.lbr
[2011.07.01 12:05:34 | 000,189,440 | ---- | C] () -- C:\ProgramData\Label.ahr
[2011.07.01 12:05:34 | 000,128,000 | ---- | C] () -- C:\ProgramData\EDIVAT.df1
[2011.07.01 12:05:34 | 000,128,000 | ---- | C] () -- C:\ProgramData\Docum_nl_fr_en.ahr
[2011.07.01 12:05:34 | 000,107,520 | ---- | C] () -- C:\ProgramData\Forfait.df1
[2011.07.01 12:05:34 | 000,107,520 | ---- | C] () -- C:\ProgramData\Docum14.ahr
[2011.07.01 12:05:34 | 000,107,520 | ---- | C] () -- C:\ProgramData\Docum13_nl.ahr
[2011.07.01 12:05:34 | 000,107,520 | ---- | C] () -- C:\ProgramData\Docum13_fr.ahr
[2011.07.01 12:05:34 | 000,107,520 | ---- | C] () -- C:\ProgramData\Docum13_en.ahr
[2011.07.01 12:05:34 | 000,107,520 | ---- | C] () -- C:\ProgramData\Docum_en.ahr
[2011.07.01 12:05:34 | 000,087,040 | ---- | C] () -- C:\ProgramData\Docum_nl.ahr
[2011.07.01 12:05:34 | 000,087,040 | ---- | C] () -- C:\ProgramData\Docum_fr.ahr
[2011.07.01 12:05:34 | 000,051,200 | ---- | C] () -- C:\ProgramData\PageSetups.lbr
[2011.07.01 12:05:34 | 000,030,720 | ---- | C] () -- C:\ProgramData\Rappel.ahr
[2011.07.01 12:05:34 | 000,030,720 | ---- | C] () -- C:\ProgramData\PROOPTIONS.lbr
[2011.07.01 12:05:34 | 000,000,349 | ---- | C] () -- C:\ProgramData\OMNIS7.exe.config
[2011.07.01 11:35:10 | 000,030,720 | ---- | C] () -- C:\Program Files\BeheerConstantenForf.lbr
[2011.07.01 11:35:08 | 046,213,120 | ---- | C] () -- C:\Program Files\ForfRep.lbr
[2011.07.01 11:35:08 | 009,159,680 | ---- | C] () -- C:\Program Files\Intrastat.oif
[2011.07.01 11:35:08 | 000,665,600 | ---- | C] () -- C:\Program Files\EDIVAT.lbr
[2011.07.01 11:35:08 | 000,189,440 | ---- | C] () -- C:\Program Files\Label.ahr
[2011.07.01 11:35:08 | 000,128,000 | ---- | C] () -- C:\Program Files\EDIVAT.df1
[2011.07.01 11:35:08 | 000,128,000 | ---- | C] () -- C:\Program Files\Docum_nl_fr_en.ahr
[2011.07.01 11:35:08 | 000,107,520 | ---- | C] () -- C:\Program Files\Forfait.df1
[2011.07.01 11:35:08 | 000,107,520 | ---- | C] () -- C:\Program Files\Docum14.ahr
[2011.07.01 11:35:08 | 000,107,520 | ---- | C] () -- C:\Program Files\Docum13_nl.ahr
[2011.07.01 11:35:08 | 000,107,520 | ---- | C] () -- C:\Program Files\Docum13_fr.ahr
[2011.07.01 11:35:08 | 000,107,520 | ---- | C] () -- C:\Program Files\Docum13_en.ahr
[2011.07.01 11:35:08 | 000,107,520 | ---- | C] () -- C:\Program Files\Docum_en.ahr
[2011.07.01 11:35:08 | 000,087,040 | ---- | C] () -- C:\Program Files\Docum_nl.ahr
[2011.07.01 11:35:08 | 000,087,040 | ---- | C] () -- C:\Program Files\Docum_fr.ahr
[2011.07.01 11:35:08 | 000,051,200 | ---- | C] () -- C:\Program Files\PageSetups.lbr
[2011.07.01 11:35:08 | 000,030,720 | ---- | C] () -- C:\Program Files\Rappel.ahr
[2011.07.01 11:35:08 | 000,030,720 | ---- | C] () -- C:\Program Files\PROOPTIONS.lbr
[2011.07.01 11:35:08 | 000,000,349 | ---- | C] () -- C:\Program Files\OMNIS7.exe.config
[2010.11.03 13:41:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.07.21 20:52:21 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Telefónica
[2013.04.13 16:48:29 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\0C1I1L1R1J0M1P0I1G
[2013.04.08 15:58:57 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\Autodesk
[2010.11.03 14:51:45 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\Canneverbe Limited
[2013.03.01 13:47:51 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\cef-cache
[2012.11.17 17:18:24 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\Dropbox
[2011.07.21 17:55:32 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\DVDVideoSoft
[2010.11.03 15:34:10 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.20 10:10:59 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\IGC
[2012.03.10 18:12:04 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\loadtbs
[2011.11.18 17:09:34 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\OpenCandy
[2010.11.18 17:27:41 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\OpenOffice.org
[2012.08.17 19:08:51 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\PacificPoker
[2012.08.17 16:41:32 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\Party
[2011.02.12 18:55:56 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\SNS
[2011.06.29 19:12:56 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\Telefónica
[2011.08.01 19:10:13 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\TerraTec
[2012.03.01 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\toolplugin
[2012.12.08 19:12:00 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\Tropico 3
[2013.04.14 10:08:38 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\uTorrent
[2011.12.06 21:29:01 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\VshareComplete
[2012.05.18 14:26:40 | 000,000,000 | ---D | M] -- C:\Users\Wazkov\AppData\Roaming\Windows SideBar
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


[/CODE]

Extras.txt:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.04.2013 19:29:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wazkov\Downloads\uploaded
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 54,73% Memory free
7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 35,14 Gb Free Space | 12,32% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Wazkov | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-609013171-3702366753-2972859162-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1152C5A5-9D4D-4B21-8951-3141E6FAB252}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{195D92D3-9F52-4861-8F03-CB31171124A5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1B69ACE2-46DB-41F2-B5AD-F58E13EA1B71}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1E4404BA-63BE-4142-9039-02287016F3CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1F94882C-C0BD-4A68-B26C-D430DE15EE75}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{226033E1-DE95-4CB5-9F27-68D8C61FB62D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2BEB0AD1-5108-4F51-A9A5-A0850294C54A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{309AF59B-D76C-44E4-94AE-C86EA5985D35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{339C067C-2B0C-4A36-9892-E68E9BCC749C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{395ACA71-EED2-41BC-8EE8-96AFC8BF7CF1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3E1ECF3F-1A86-4350-9588-5DAFED84352E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{41BA2D06-A2B7-4D4E-B811-A46673ED7E7E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4EE9B28C-BD30-452B-8D85-605A2325B723}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{55F706FD-7229-4F91-8BE1-EC74C10B4B09}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5CAA2216-9A45-43F9-AE35-E0E3095D8A72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{60EB63BD-01DD-4536-B4B0-13622EF893ED}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6297528F-7DBA-40E1-98A6-F44EC3AD2E54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77E23A5A-3D09-4F69-8905-3CB86A46FD61}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{884C3F07-E2DD-4FD5-B680-F861AE150201}" = lport=137 | protocol=17 | dir=in | app=system | 
"{89309941-F533-4E5C-8B11-3CCE1188E476}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A8D711B-66C4-4F53-9CA5-718F1BDEBF73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8D50A1CE-79A0-4082-82DA-36DA86E62D56}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9BFDB604-FE35-456F-A0D6-19AC491337F0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A01D715E-6FB4-4199-8A5D-78FBE873CE5D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A6CA9058-841E-400A-8EBF-967B63A3E40D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB08B51A-9B6E-48AE-908C-C286634CAE65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE8625D5-2E2F-45E1-9DE8-56241746506A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B8B5848B-8D3B-4C40-8EF6-A296CA1EDD1D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C460D9E1-6D3A-4834-BD86-E8257C1D56C2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CCE1E146-EA95-48E4-80DD-DC5E4C63391D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D99EAB26-103D-45A1-AD40-1810D08CD9D9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E762E868-FB9D-4124-A022-1C79D7965D62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED13B527-BFAE-4394-BC1B-D26A820F5452}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB40A6C6-C3F0-4739-A591-701080E0C90E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011EA7D1-E5B1-425F-B212-79C0995CA91D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{01C61A62-3DB5-451F-9E9B-A5998EE6CB8D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{05F0F3CE-F97B-4E4B-A633-B607A65ABD16}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{091E314A-60BB-4746-B27B-854500F7B39A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{097AE602-E95D-4359-8262-C67101C75DA4}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{0B5F0809-6317-448C-BDB1-368E9F3D4877}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0EA51E8F-C113-4AA7-B172-3DA3744438E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{11EF4961-7B2E-4C1F-AF51-D2DB5507DD03}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{17F6CE24-666D-4DC1-A91E-AC8959A17982}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{189F2287-A688-4AE1-ADB7-72FBEE480BA7}" = protocol=6 | dir=in | app=c:\users\wazkov\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1974CE15-F7CB-4A20-981F-511F7DE8BBE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{1AD9F2AC-4C00-46A6-B85A-C195F9B3D5CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{375BB166-43F2-4BCB-B6C3-0DA0A82841A0}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{3B1C48BE-E444-4639-A144-DBE7B7FD5D7F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3B91B7E5-BBCD-4629-80A1-5F73C65C42BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{43EFC9F0-E1FE-4F8F-A18C-675FED0EEB7B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{570E419D-B09A-463E-A190-DE5030EE5459}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5A7BC002-0ECF-438B-856C-A2391B0F73F6}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe | 
"{5D9CC822-DA81-4582-A310-EDC6347F53FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5E6C5902-1208-47E0-8A10-9F8BBE21BADF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{61A25A16-0729-41AB-8992-254C9B652849}" = protocol=6 | dir=out | app=system | 
"{6DD11FC2-6309-4D56-97D0-FD94FABFE19B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7BEF9D5A-C5BE-45DE-9056-184A4C4BD8FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{86F8A7E4-E24F-4744-8B26-EE739F3D1B39}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{964E5771-3622-43F4-9111-476204174EA7}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe | 
"{96EC58C7-0334-4883-B8C6-E1B5D591AA9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98B22578-3CE0-4353-83CA-69C5C4F69895}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe | 
"{9AE3897E-4818-4F9C-8681-946C98B3E3DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C53AE28-4090-40EA-A74C-0DB2CACFA304}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A09BD579-7D7C-4000-AA09-3BF892814340}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A1959797-503B-4C06-940D-73BD39E3286E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{A52E6696-0DD4-4F2D-943B-2B050519A303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A584A980-6A91-4B9B-9929-55B6CAEAFE34}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe | 
"{A861C696-DFEE-4DE4-B76C-CEA51B190F30}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{A86EE598-573F-4093-A038-6ADF288A9056}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{ACC1E247-B888-4658-B1ED-1F51C109EDD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CC6D6FC3-6002-4B15-BAFA-E19F5AE2CF87}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CE9ED2B4-6BB3-442D-A810-EB38CD12DBA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D475DC74-E7C3-4756-8197-1CF572FDB448}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DAE94794-2861-4885-BE13-188159EAAF8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E060DC6D-33D3-4925-9CE0-3C608B62466F}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{E1545D65-F3ED-4F5A-9F32-163CA38E554C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E3173261-4D59-446D-8847-41EECBEE2399}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB2F97F7-DEB3-4B40-AF7F-042DBD1CECB4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F15E77BF-8B1B-4B3B-BF10-AD588E1E75B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F5253B79-A323-4258-A9B7-7AF1D2662173}" = protocol=17 | dir=in | app=c:\users\wazkov\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F62BFB81-ECA6-4ABF-BC82-D1BDCFE4A84E}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{FD03AE8E-E2CA-4B08-BEAB-A9DA367F6AC4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"TCP Query User{004B677C-7A29-4E14-968F-F9CF809F57FE}C:\users\wazkov\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\wazkov\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{12470422-0A92-44BD-9570-C2E197BACD00}C:\users\wazkov\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\wazkov\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{22BCC067-4F03-4FC9-8EF8-32C674CC794B}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{2899C54C-6970-4413-B4FC-7CFC477E4E51}C:\users\wazkov\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\wazkov\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5200FE10-2AA0-4B65-90CB-E8A340660525}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{5252F6C0-23E8-457F-904F-F3A0273BA315}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{52ADC610-4294-402B-B7CE-D7201E8095F7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{7499F4D7-0AFE-4E2C-8B38-0137B226E90A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{75D47E61-421A-4A12-9F8F-4B42C6A7C135}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{870C7287-3F43-4608-9205-5D5D260206FE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{A4B0DB59-0EC6-4112-A54D-54F7DEC2076F}C:\program files (x86)\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"TCP Query User{B1594B4C-61A6-421B-B0F9-A9E196B725D7}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{DD3141D7-46C3-4C2D-BF64-3664B0BA6528}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{E87CF375-1E4C-4119-8C62-76E5EFAE9C74}C:\users\wazkov\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\wazkov\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{EED58055-6810-46E2-A198-A63F3BC90104}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{0AAD579C-A328-454B-A203-9A9AE11D50DE}C:\users\wazkov\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\wazkov\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{1FED52A4-A165-493D-A668-B0B3A377630B}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{21B56D36-518E-428B-8702-ADC6B3309764}C:\program files (x86)\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"UDP Query User{3F707335-616E-4F5C-857D-B8A102CA86BE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{56352A59-C325-4719-A316-A2BB755D1C5E}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{58C521CD-B2CF-4080-9CD3-C5A29FCF2919}C:\users\wazkov\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\wazkov\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{593CD072-4A56-4E9C-9C96-A03526B6C756}C:\users\wazkov\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\wazkov\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{7EF0B8B6-D459-49DA-A441-EDB6CB4DF061}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{974A33F1-417F-4E82-B9D9-4E660FFC4FFB}C:\users\wazkov\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\wazkov\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{A2382369-B676-4DD0-B3BD-6EF0BB992BB0}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{A7539402-364D-42A0-8864-53BE962E894D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{B3D229D5-C473-411E-975F-A87CFC5FD894}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{C08802D9-8B6F-4A98-ABC8-8FC20AA04374}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{C611B97A-CB1B-4955-A139-1062540923F0}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{F16EFE81-798A-496C-8DBE-C72A1721EFEF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{42281103-DF49-8A45-C960-977096F29F45}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-D028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C71F039-AD9F-496E-985E-0A6DC3A41717}" = HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F43CF39-8B2F-546B-57E3-4803E935C465}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DWG TrueView 2014" = Autodesk DWG TrueView 2014
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15424D99-B708-54FD-94EC-997BE1976918}" = CCC Help Japanese
"{1DCEE28F-CEDA-ADBA-DE41-1377ADD42DD3}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24041742-5275-464C-9A87-45C8028B4F38}" = ProAcc
"{2552055A-7121-346E-F287-C0E7CC1BB36E}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{327AD686-FD94-F270-C0C9-D379ACC3CCA3}" = CCC Help Russian
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CABCB73-0ABE-9578-A11C-6888ECF5D6D7}" = CCC Help Portuguese
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3DCF232A-B152-4375-B840-F19D866A316D}" = Catalyst Control Center Graphics Full New
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F34DE3B-887D-72A9-FCFE-2676B2EDBE67}" = CCC Help Thai
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B30D670-AA94-3DAC-965D-CA8FED631DA3}" = Catalyst Control Center Graphics Previews Common
"{5F65AB3C-FCF3-E10B-3203-26F3C133F036}" = CCC Help Chinese Standard
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{64CFDAC9-C358-88FE-E0E3-B33ED5C8AB2C}" = CCC Help Norwegian
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Hilfe
"{702A9675-C93C-6914-7B90-8056525349A7}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7661AFE4-1F7A-8B5C-D395-3A8B682F106A}" = CCC Help Korean
"{77D3B22B-CB40-19AE-5A7D-9256E9862010}" = Catalyst Control Center Core Implementation
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A555AD4-057E-EB0B-3C2D-82658AA1B190}" = CCC Help English
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81FC1368-171E-4151-E3E1-D63C8CF1F150}" = CCC Help Polish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570AE7F-183B-44A6-AC03-416C0B8B1000}" = SA31xx Device Manager & Media Converter
"{85DD738D-6572-53AA-E570-50D0D0842722}" = Catalyst Control Center Graphics Full Existing
"{86141D3B-58F6-D4E9-809E-05032F1C09BE}" = CCC Help Swedish
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{97DA45B6-451C-A4B8-897F-106E2B3B6E2F}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A26840C5-95D5-BB10-700A-304AA9F4AF92}" = CCC Help Greek
"{A385939C-3DE9-5568-D8B0-3972BA293DC7}" = CCC Help German
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B284EA3C-8391-5648-BFC4-800A44D01ADA}" = ccc-core-static
"{B2F1B278-B685-1112-F051-AD05C5946C0D}" = CCC Help French
"{B3A0945A-1A84-BD5C-D33A-F4DC811FCCCC}" = CCC Help Chinese Traditional
"{B4060669-4633-038A-8A50-E05D1F54929E}" = CCC Help Czech
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{BC171806-3828-33E5-289C-9609C5BC59DF}" = Catalyst Control Center Localization All
"{BDE26FB2-E880-BFF9-3A85-18D70FC44D8D}" = Catalyst Control Center InstallProxy
"{C31501D8-8267-A455-D269-85FBDBE2BFC3}" = CCC Help Italian
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C75A193A-D403-5707-7D32-166DF4EA47DD}" = CCC Help Spanish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4905980-7A59-8CE0-1336-EBC0338DAC1B}" = CCC Help Hungarian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F98098D2-8822-1B1D-6771-945669046216}" = CCC Help Danish
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Cinergy T-Stick MKII" = Cinergy T-Stick MKII V9.06.3.01
"coollrcs@coolzone.co" = Cool Lyrics
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FC Screensaver_is1" = FC Screensaver
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"HP Photo Creations" = HP Photo Creations
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.05.00.00
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"loadtbs-2.1" = loadtbs-2.1
"Metaboli" = Metaboli
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"o2DE" = Mobile Connection Manager
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"PartyPoker" = PartyPoker
"toolplugin" = toolplugin
"Tropico3" = Tropico 3 1.00
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 2.0.5
"vShare.tv plugin" = vShare.tv plugin 1.3
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078791" = Bejeweled 2 Deluxe
"WT078806" = Insaniquarium Deluxe
"WT078833" = Zuma Deluxe
"WT078960" = Blasterball 3
"WT078964" = Bob the Builder Can-Do-Zoo
"WT079020" = Faerie Solitaire
"WT079024" = FATE - The Traitor Soul
"WT079064" = Jewel Quest
"WT079068" = Jewel Quest Solitaire 3
"WT079108" = Penguins!
"WT079116" = Polar Bowler
"WT079120" = Polar Golfer
"WT079124" = Polar Pool
"WT079177" = Virtual Villagers - A New Home
"WT079184" = Yahtzee
"WT079363" = Build-a-lot 2
"WT079366" = Chicken Invaders 3 - Revenge of the Yolk
"WT079395" = Escape Rosecliff Island
"WT079397" = Mahjongg Artifacts
"WT079421" = Virtual Families
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-609013171-3702366753-2972859162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"ClickMeIn Packages" = ClickMeIn Packages
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2011 18:19:54 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.12.2011 04:08:08 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.12.2011 10:20:56 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.12.2011 10:46:16 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.12.2011 13:32:43 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 03:22:19 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 03:31:59 | Computer Name = Laptop | Source = Windows Backup | ID = 4103
Description = 
 
Error - 27.12.2011 09:34:44 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.12.2011 09:48:45 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 27.12.2011 12:35:14 | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 28.11.2012 03:44:08 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 08:44:08 - Fehler beim Herstellen der Internetverbindung.  08:44:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.11.2012 03:44:28 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 08:44:13 - Fehler beim Herstellen der Internetverbindung.  08:44:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.12.2012 12:42:56 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 17:42:56 - Fehler beim Herstellen der Internetverbindung.  17:42:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.12.2012 12:43:06 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 17:43:02 - Fehler beim Herstellen der Internetverbindung.  17:43:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.01.2013 13:14:17 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 18:14:17 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
[ OSession Events ]
Error - 25.11.2011 05:39:24 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8022
 seconds with 4440 seconds of active time.  This session ended with a crash.
 
Error - 29.08.2012 14:34:07 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.12.2012 17:44:23 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.04.2013 03:19:37 | Computer Name = Laptop | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{52224653-37A3-4593-9B91-639834C8FEF7} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 13.04.2013 11:06:58 | Computer Name = Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 13.04.2013 11:08:19 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 13.04.2013 20:41:50 | Computer Name = Laptop | Source = volsnap | ID = 393222
Description = Die Schattenkopie von Volume "C:" konnte kein neues Pageheap erstellen.
 Dem System steht nicht ausreichend virtueller Speicher zur Verfügung.
 
Error - 13.04.2013 21:05:24 | Computer Name = Laptop | Source = volsnap | ID = 393231
Description = Die Schattenkopien von Volume "C:" wurden aufgrund unzureichendem 
Pageheap abgebrochen.
 
Error - 14.04.2013 05:40:16 | Computer Name = Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 14.04.2013 05:41:45 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 15.04.2013 02:44:22 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 15.04.2013 10:45:52 | Computer Name = Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 15.04.2013 10:47:48 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---


[/CODE]
__________________

Alt 18.04.2013, 17:30   #4
wazkov
 
appround.net Virus 2 - Standard

appround.net Virus 2



Moin,

Vielen Dank für die schnelle Antwort.

Windows professional: ich bin selbstständig und arbeite viel mit einem belgischen Unternehmen zusammen. Die sagten mir, ich soll mir professional holen um mit einer VPN Verbindung auf den Server zugreifen zu können. Da hatte ich auch noch keine Probleme mit.

Ich habe vor ein paar Tagen einen Scan mit Avast durchgeführt, mit Fund. Mir wurde empfohlen einen Startzeitscan durchzuführen, ebenfalls mit Fund, jeweils in den Container verschoben.

Vieleicht bin ich zu doof, aber ich kann bei Avast die Logdateien nicht finden.
Ich kann die Prüfergebnisse sehen, aber wenn ich auf Supportdateien/Logdateien generieren bekomme ich einen Haufen Dateien, mit denen ich ehrlich gesagt nichts anfangen kann. und von denen auch keine explizit Logdateien heißt.

Außerdem läuft noch Spybot und CC Cleaner. Da habe ich aber schon ewig nichts mehr mit gemacht.

Die OLT Dateien als Codes, die GMER datei war zu groß dafür.

Vielen Dank das man sich kümmert, wenn das appround.net Ding weg ist, könnt Ihr Euch auf eine Spende verlassen.

Tim

Alt 19.04.2013, 00:11   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appround.net Virus 2 - Standard

appround.net Virus 2



Zitat:
Windows professional: ich bin selbstständig und arbeite viel mit einem belgischen Unternehmen zusammen. Die sagten mir, ich soll mir professional holen um mit einer VPN Verbindung auf den Server zugreifen zu können. Da hatte ich auch noch keine Probleme mit.
Dann muss ich erstmal das hier posten:


Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.

Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.
Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.04.2013, 13:14   #6
wazkov
 
appround.net Virus 2 - Standard

appround.net Virus 2



Hallo Cosinus,

50 € Spende ist erledigt. Habe meinen Benutzernamen mit angegeben.

Zum Rechner: Ich nutze ihn sowohl privat als auch geschäftlich, bin wohl sowas wie die typische Ich-AG. Über die Verbindung zum Server in Belgien komme ich nicht an heikle Daten, sondern nur die üblichen Marketinggeschichten und Unterlagen die ich benötige, sowie meinen E-Mail Account über die Firma.

Ich hoffe, es ist für Euch okay so.

Viele Grüße,
Tim

Alt 19.04.2013, 15:13   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appround.net Virus 2 - Standard

appround.net Virus 2



Zitat:
50 € Spende ist erledigt. Habe meinen Benutzernamen mit angegeben.
Huiii

Bitte aber an die Daten denken, die in den Logs von dir stehen könnten


Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.04.2013, 18:00   #8
wazkov
 
appround.net Virus 2 - Standard

appround.net Virus 2



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wazkov :: LAPTOP [administrator]

19.04.2013 17:57:15
mbar-log-2013-04-19 (17-57-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31607
Time elapsed: 14 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 27
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{DB1F5554-582C-4F53-82CC-458D2C04A2F1} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DB1F5554-582C-4F53-82CC-458D2C04A2F1} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\loadtbs-2.1 (PUP.LoadTubes) -> Delete on reboot.

Registry Values Detected: 5
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Data:  -> Delete on reboot.

Registry Data Items Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=80fc57da-2040-11e1-ad80-00262da3fd87) Good: (hxxp://www.google.com) -> Delete on reboot.

Folders Detected: 2
c:\Users\Wazkov\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Delete on reboot.

Files Detected: 17
c:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Wazkov\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Delete on reboot.

(end)
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wazkov :: LAPTOP [administrator]

19.04.2013 18:24:55
mbar-log-2013-04-19 (18-24-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31495
Time elapsed: 16 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-19 18:29:37
-----------------------------
18:29:37.448    OS Version: Windows x64 6.1.7601 Service Pack 1
18:29:37.448    Number of processors: 2 586 0x603
18:29:37.448    ComputerName: LAPTOP  UserName: Wazkov
18:29:39.554    Initialize success
18:29:43.938    AVAST engine defs: 13041900
18:29:49.632    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:29:49.632    Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60F Size: 305245MB BusType: 11
18:29:49.756    Disk 0 MBR read successfully
18:29:49.772    Disk 0 MBR scan
18:29:49.772    Disk 0 Windows 7 default MBR code
18:29:49.788    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13000 MB offset 2048
18:29:49.803    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 26626048
18:29:49.819    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       292143 MB offset 26830848
18:29:49.834    Disk 0 scanning C:\Windows\system32\drivers
18:30:06.854    Service scanning
18:30:37.305    Modules scanning
18:30:37.321    Disk 0 trace - called modules:
18:30:37.352    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
18:30:37.883    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b466a0]
18:30:37.883    3 CLASSPNP.SYS[fffff8800188043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049bf680]
18:30:38.553    AVAST engine scan C:\Windows
18:30:41.861    AVAST engine scan C:\Windows\system32
18:34:07.660    AVAST engine scan C:\Windows\system32\drivers
18:34:21.920    AVAST engine scan C:\Users\Wazkov
18:52:10.840    AVAST engine scan C:\ProgramData
18:55:09.867    Scan finished successfully
18:55:59.163    Disk 0 MBR has been saved successfully to "C:\Users\Wazkov\Downloads\Troja-Board\MBR.dat"
18:55:59.179    The log file has been saved successfully to "C:\Users\Wazkov\Downloads\Troja-Board\aswMBR.txt"
         
Hallo,

ich habe wohl eben was mit der Code Taste verdaddelt.
Noch einmal neu hineinstellen?

Eine kurze Zwischenfrage: bei der aswMBR-Anleitung steht, man soll den Virenscanner deaktivieren. Das habe ich auch gemacht, wurde aber nicht nach der neuesten Virendefinition von Avast gefragt.


Wie soll ich weiter vorgehen? Noch einmal scnannen?

Geändert von cosinus (20.04.2013 um 15:59 Uhr) Grund: CODE-Tags korrigiert

Alt 20.04.2013, 16:00   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appround.net Virus 2 - Standard

appround.net Virus 2



CODE-Tags hab ich korrigiert
Ich vermisse das Log vom tdsskiller
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.04.2013, 17:11   #10
wazkov
 
appround.net Virus 2 - Standard

appround.net Virus 2



Hallo,

die Datei war zu groß, musste sie als Anhang senden.

Windows hat übrigens beim letzten Mal herunterfaren ein Update durchgeführt.

Viele Grüße

Alt 20.04.2013, 17:56   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appround.net Virus 2 - Standard

appround.net Virus 2



Zitat:
17:44:08.0841 0864 Scan started
17:44:08.0841 0864 Mode: Manual;
Du hast den tdsskiller leider falsch eingestellt bitte mit den richtigen Einstellungen nochmal scannen lassen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.04.2013, 07:38   #12
wazkov
 
appround.net Virus 2 - Standard

appround.net Virus 2



Moin,

ich weiß nicht so genau, was ich falsch mache.
Ich habe jetzt direkt nach dem Hochfahren einen Scan gestartet, ohne wie in der Anleitung beschrieben die "change Parameter,additional object" anzuklicken und im Log steht auch "Mode: Manual".
Ich habe weiter nichts gemacht, hochfahren, TDSSkiller.exe, Windows anfrage zulassen, scan starten.

Lasse ich die additional objects weg, keinen Fund, Klicke ich sie an: 4 Funde wie im geposteten Log. Wie gesagt, meine technisches Wissen ist sehr begrenzt, aber ich weiß nicht, wie ich TDSS anders starten soll, oder wovon "Mode: Manual" abhängt.
Es gibt ja auch keine Einstellunugen, o.Ä. an denen man schrauben könnte?

Entschuldige die Extraarbeit mit grenzdebilen Softwaretypen wie mir, aber ich weiß nicht weiter.

Sonnigen Sonntag!

Alt 21.04.2013, 22:04   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appround.net Virus 2 - Standard

appround.net Virus 2



Die Anleitung zum tdsskiller wurde doch verlinkt => http://www.trojaner-board.de/82358-t...tml#post640150
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.04.2013, 16:56   #14
wazkov
 
appround.net Virus 2 - Standard

appround.net Virus 2



Moin,

das meine ich ja, ich mache es genauso wie in der Anleitung beschrieben und am Anfang eines Logs steht immer: Mode: Manual.

Im TDSSkiller mache ich nichts außer Scan drücken. Gibt es irgendwo Einstellungen die ich verändern kann? Habe es jetzt zum zweiten Mal direkt nach dem Hochfahren probiert, kein anderes Programm geöffnet, an keinen Einstellungen etwas verändert und im Log steht Mode: Manual.

Ich habe leider keine Idee, was ich falsch machen könnte und halte mich strikt an die Anleitung.

Viele Grüße

Alt 22.04.2013, 20:23   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
appround.net Virus 2 - Standard

appround.net Virus 2



Zitat:
das meine ich ja, ich mache es genauso wie in der Anleitung beschrieben und am Anfang eines Logs steht immer: Mode: Manual.
Nein, eben nicht!
Lies bitte die verlinkte Anleitung und v.a. die darin enthaltenen Screeshots doch mal richtig:

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu appround.net Virus 2
adresse, appround.net, erstellt, hijack.startpage, klicken, löschen, minuten, pup.loadtubes, pup.vshareredir, richtig, stelle, thema, virus, werbung



Ähnliche Themen: appround.net Virus 2


  1. Vermutung: AppRound.us Virus nach Installation einer Freeware - VBates Funde
    Plagegeister aller Art und deren Bekämpfung - 17.03.2014 (9)
  2. appround.net - Chrome
    Plagegeister aller Art und deren Bekämpfung - 27.02.2014 (9)
  3. AppRound.us entfernen
    Anleitungen, FAQs & Links - 17.02.2014 (2)
  4. appround.net, ad.yieldmanager Fenster tauchen ständig auf! Virus?
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (20)
  5. appround.net -Problem , nerviges Pop-Up welches wohl nicht ungefährlich ist?
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (2)
  6. appround.net - Pop up nervt echt Versuch Nr.2
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (11)
  7. appround.net - Pop up nervt echt
    Plagegeister aller Art und deren Bekämpfung - 18.04.2013 (7)
  8. Appround.net Virus
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (17)
  9. Zweites Fenster öffnet sich bei Firefox -appround.biz-Was ist das?
    Plagegeister aller Art und deren Bekämpfung - 29.03.2013 (7)
  10. Virus versenden; virus angriff; virus schützen; rache;
    Log-Analyse und Auswertung - 06.12.2010 (10)
  11. AVG Anti Virus free meldet Virus PSW.Generic7.BWMP, Virus läßt sich nicht beseitigen
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (21)

Zum Thema appround.net Virus 2 - Moin, mein Name ist Tim und ich habe dasselbe Problem wie Zauberhut hier schon geschildert hat, unter demselben Titel. Die Lösung die mit ihm erarbeitet wurde scheint mir sehr individuell, - appround.net Virus 2...
Archiv
Du betrachtest: appround.net Virus 2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.