Pests of All Kinds and How to Fight Them: DomaIQ Trojan

Windows 7

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
#1
DomaIQ Trojan

Hello,

Yesterday, when I wanted to watch a film over the Internet, a download was started, at first unnoticed by me. I may have installed the file, but I don't believe so. Besides this one, several others were listed among the installed programs (names like Yontoo, Tugluu or delta-search, plus two that began with "microsoft .Net framework"). I removed all of them except one, which could not be deleted. Nevertheless, I still have the delta-search browser and several failed system restores, and when booting today I got the message that my touchpad is not working, although it works anyway. In addition, the Windows version was not up to date (I am fairly sure mine was up to date before), the firewall was deactivated (perhaps my fault), my antivirus program and firewall were deactivated (they are normally always on), and the subsequent scan found a virus named Trojan.JS.Iframe.gem. Since then I have been looking for tips on how to get my PC back into an uninfected state. If System Restore does not work, does resetting to factory settings not help either? Or is my PC already clean?
I used the programs you name in the posting instructions and received the following reports:

OTL:

OTL logfile created on: 16.04.2013 18:58:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schneiderlein\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,95 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,72% Memory free
7,90 Gb Paging File | 5,90 Gb Available in Paging File | 74,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,25 Gb Total Space | 295,70 Gb Free Space | 66,41% Space Free | Partition Type: NTFS
Drive D: | 16,35 Gb Total Space | 1,77 Gb Free Space | 10,84% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,32% Space Free | Partition Type: FAT32

Computer Name: KLATSCHE | User Name: Schneiderlein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.16 18:57:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schneiderlein\Desktop\OTL.exe PRC - [2013.03.23 15:19:04 | 004,270,640 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2013.01.29 22:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2013.01.29 21:35:36 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012.09.06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2012.06.11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe PRC - [2011.06.28 10:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe PRC - [2011.06.15 17:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011.05.05 23:06:46 | 000,263,496 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2011.05.05 23:06:28 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011.05.05 23:06:02 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.04.30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - 
[2011.04.08 12:01:16 | 000,586,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2011.04.08 12:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2011.02.01 23:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 23:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ========== Modules (No Company Name) ========== MOD - [2013.03.26 11:04:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.03.26 11:04:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.03.26 11:04:19 | 012,436,480 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.03.25 18:54:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll MOD - [2013.03.25 18:54:56 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll MOD - [2013.03.25 18:43:47 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.03.25 18:43:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.03.25 18:43:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.03.25 18:43:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.03.25 18:43:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.03.25 18:43:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.03.23 15:19:04 | 004,270,640 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011.07.16 06:06:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) 
========== SRV:64bit: - [2011.05.08 12:25:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.29 22:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012.11.22 16:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2012.09.06 11:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2012.06.11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate) SRV - [2012.06.11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc) SRV - [2011.06.08 00:21:54 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.05.05 23:06:46 | 000,263,496 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.04.08 12:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2011.02.19 00:37:00 | 002,372,096 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011.02.16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto) SRV - [2011.02.01 23:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 23:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.10.11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.13 12:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2012.11.15 22:06:08 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.16 06:16:26 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.16 06:16:26 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.06.10 04:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.06.08 00:21:58 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.05.08 12:58:06 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.08 11:50:14 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.04.26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.04.19 11:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2011.04.15 21:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.02.15 21:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011.01.27 07:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.07.28 09:13:50 | 
000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.11.22 16:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{3BC70585-04B1-4BF3-BD1B-E829876E5EDA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{3BC70585-04B1-4BF3-BD1B-E829876E5EDA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=B40DE4D53D398878 IE - HKCU\..\SearchScopes,DefaultScope = {23301432-1DCB-4575-80D1-CB6AC447C53E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=B40DE4D53D398878 IE - HKCU\..\SearchScopes\{23301432-1DCB-4575-80D1-CB6AC447C53E}: "URL" = 
hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=ebee460e37d84dfbaecea929235e68db&tu=10G90007D1B000v&sku=&tstsId=&ver=&&r=823 IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{3BC70585-04B1-4BF3-BD1B-E829876E5EDA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.03.23 14:48:25 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\PROGRAM FILES\VIDEO DOWNLOADER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.03.23 14:48:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\Program Files\Video downloader\Firefox [2013.03.23 14:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Delta Search (Enabled) CHR - default_search_provider: search_url = hxxp://www1.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=B40DE4D53D398878 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - homepage: hxxp://www1.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=B40DE4D53D398878 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files 
(x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Schneiderlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Schneiderlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Schneiderlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\Schneiderlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Website Logon = C:\Users\Schneiderlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\ CHR - Extension: Gmail = C:\Users\Schneiderlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll 
(HP) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.6\bh\zonealarm.dll (Montera Technologeis LTD) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.6\zonealarmTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEC40818-AAD7-44BB-A706-39D4809E9697}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.04.16 18:57:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schneiderlein\Desktop\OTL.exe
[2013.04.15 20:59:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.15 20:55:24 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\player
[2013.04.15 20:55:19 | 000,000,000 | ---D | C] -- C:\Windows\IswTmp
[2013.04.15 20:48:53 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Programs
[2013.04.15 20:48:50 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\SwvUpdater
[2013.04.15 20:48:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.04.15 20:48:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.04.15 20:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.04.15 20:48:06 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Babylon
[2013.04.15 20:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.02 20:39:30 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Adobe
[2013.04.02 20:39:04 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\Desktop\Aktuelles
[2013.04.01 22:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013.04.01 22:36:03 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Diagnostics
[2013.03.23 17:04:16 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\LolClient
[2013.03.23 16:39:00 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.03.23 16:17:31 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\Desktop\Temporäres
[2013.03.23 16:13:01 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\Desktop\Anwendungen
[2013.03.23 15:19:11 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\PMB Files
[2013.03.23 15:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.03.23 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.03.23 15:18:41 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\.swt
[2013.03.23 15:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arasan 14.1
[2013.03.23 15:17:19 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BabasChess
[2013.03.23 15:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\°Eigene Programme
[2013.03.23 15:14:05 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Skype
[2013.03.23 15:14:01 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.03.23 15:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.23 15:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.23 15:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.23 15:10:40 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\vlc
[2013.03.23 15:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.23 14:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.03.23 14:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.03.23 14:55:19 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Google
[2013.03.23 14:54:39 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Apps
[2013.03.23 14:54:37 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Deployment
[2013.03.23 14:52:12 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\CrashDumps
[2013.03.23 14:48:28 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\Documents\ForceField Shared Files
[2013.03.23 14:48:27 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\CheckPoint
[2013.03.23 14:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.03.23 14:48:15 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.03.23 14:48:15 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.03.23 14:48:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.03.23 14:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013.03.23 14:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\°Eigene Programme
[2013.03.23 14:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.23 14:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD
[2013.03.23 14:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013.03.23 14:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013.03.23 14:35:52 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Macromedia
[2013.03.23 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Adobe
[2013.03.23 14:25:38 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\ATI
[2013.03.23 14:25:38 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\ATI
[2013.03.23 14:24:38 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Intel Corporation
[2013.03.23 14:24:36 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Synaptics
[2013.03.23 14:24:36 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\hpqLog
[2013.03.23 14:24:24 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.23 14:24:24 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Searches
[2013.03.23 14:24:24 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.23 14:24:17 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Identities
[2013.03.23 14:24:15 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Contacts
[2013.03.23 14:24:14 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\VirtualStore
[2013.03.23 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\RemEngine
[2013.03.23 14:21:11 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Hewlett-Packard
[2013.03.23 14:21:09 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Hewlett-Packard
[2013.03.23 14:21:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%COREALLUSERPATH%
[2013.03.23 14:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013.03.23 14:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2013.03.23 14:20:55 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Hewlett-Packard_Company
[2013.03.23 14:20:54 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\AuthenTec
[2013.03.23 14:20:22 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Symantec
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Vorlagen
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\AppData\Local\Verlauf
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\AppData\Local\Temporary Internet Files
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Startmenü
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\SendTo
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Recent
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Netzwerkumgebung
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Lokale Einstellungen
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Documents\Eigene Videos
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Documents\Eigene Musik
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Eigene Dateien
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Documents\Eigene Bilder
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Druckumgebung
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Cookies
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\AppData\Local\Anwendungsdaten
[2013.03.23 14:19:57 | 000,000,000 | -HSD | C] -- C:\Users\Schneiderlein\Anwendungsdaten
[2013.03.23 14:19:56 | 000,000,000 | --SD | C] -- C:\Users\Schneiderlein\AppData\Roaming\Microsoft
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Videos
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Saved Games
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Pictures
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Music
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Links
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Favorites
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Downloads
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Documents
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\Desktop
[2013.03.23 14:19:56 | 000,000,000 | R--D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.23 14:19:56 | 000,000,000 | -H-D | C] -- C:\Users\Schneiderlein\AppData
[2013.03.23 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Temp
[2013.03.23 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Local\Microsoft
[2013.03.23 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\Schneiderlein\AppData\Roaming\Media Center Programs
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.23 14:19:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.23 13:15:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013.04.16 19:00:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.16 18:57:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schneiderlein\Desktop\OTL.exe
[2013.04.16 18:55:52 | 000,000,000 | ---- | M] () -- C:\Users\Schneiderlein\defogger_reenable
[2013.04.16 18:54:44 | 000,050,477 | ---- | M] () -- C:\Users\Schneiderlein\Desktop\Defogger.exe
[2013.04.16 18:29:51 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 18:29:51 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 18:21:33 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.16 18:20:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.16 18:20:51 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 21:10:09 | 000,641,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.15 21:10:09 | 000,605,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.15 21:10:09 | 000,125,408 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.15 21:10:09 | 000,102,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.15 20:55:00 | 001,589,182 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.15 20:54:56 | 001,589,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.15 20:50:49 | 000,012,329 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2013.04.14 15:16:09 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSchneiderlein.job
[2013.04.11 12:57:15 | 000,271,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 17:00:33 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.07 13:17:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.01 22:49:22 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013.03.29 08:53:29 | 000,007,579 | ---- | M] () -- C:\Windows\SysWow64\SystemData.xml
[2013.03.24 02:24:29 | 000,007,599 | ---- | M] () -- C:\Users\Schneiderlein\AppData\Local\Resmon.ResmonCfg
[2013.03.23 15:10:35 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.23 14:53:25 | 000,417,507 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013.03.23 14:19:01 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013.03.23 13:18:20 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.03.23 13:18:20 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013.04.16 18:55:52 | 000,000,000 | ---- | C] () -- C:\Users\Schneiderlein\defogger_reenable
[2013.04.16 18:54:42 | 000,050,477 | ---- | C] () -- C:\Users\Schneiderlein\Desktop\Defogger.exe
[2013.04.15 20:54:59 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.07 13:17:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.01 22:49:22 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013.04.01 22:45:25 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSchneiderlein.job
[2013.03.29 08:53:29 | 000,007,579 | ---- | C] () -- C:\Windows\SysWow64\SystemData.xml
[2013.03.24 15:09:53 | 000,012,329 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013.03.24 02:24:29 | 000,007,599 | ---- | C] () -- C:\Users\Schneiderlein\AppData\Local\Resmon.ResmonCfg
[2013.03.23 15:10:35 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.23 14:56:22 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.23 14:55:32 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.23 14:55:29 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.23 14:48:31 | 000,417,507 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013.03.23 14:24:32 | 000,001,405 | ---- | C] () -- C:\Users\Schneiderlein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.03.23 14:24:28 | 000,001,439 | ---- | C] () -- C:\Users\Schneiderlein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.23 14:20:57 | 000,002,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
[2013.03.23 13:15:13 | 3180,220,416 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.23 01:45:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.23 01:41:15 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.09.23 01:37:47 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.09.23 01:34:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.07.15 20:46:03 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.06.10 04:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.13 07:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.15 20:48:06 | 000,000,000 | ---D | M] -- C:\Users\Schneiderlein\AppData\Roaming\Babylon
[2013.03.23 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Schneiderlein\AppData\Roaming\CheckPoint
[2013.03.23 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\Schneiderlein\AppData\Roaming\LolClient
[2013.04.15 21:07:09 | 000,000,000 | ---D | M] -- C:\Users\Schneiderlein\AppData\Roaming\player
[2013.03.23 14:24:36 | 000,000,000 | ---D | M] -- C:\Users\Schneiderlein\AppData\Roaming\Synaptics

========== Purity Check ==========

< End of report >
-----------------------------------------------------------------------------------------

Extras:
OTL Extras logfile created on: 16.04.2013 18:58:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schneiderlein\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,95 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,72% Memory free
7,90 Gb Paging File | 5,90 Gb Available in Paging File | 74,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,25 Gb Total Space | 295,70 Gb Free Space | 66,41% Space Free | Partition Type: NTFS
Drive D: | 16,35 Gb Total Space | 1,77 Gb Free Space | 10,84% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,32% Space Free | Partition Type: FAT32

Computer Name: KLATSCHE | User Name: Schneiderlein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\°Eigene Programme\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\°Eigene Programme\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\°Eigene Programme\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\°Eigene Programme\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D77A5F3-BC87-4D99-BA52-02FA68CEAAF3}" = lport=137 | protocol=17 | dir=in | app=system |
"{0ECCC20E-DCDE-4A81-B363-A1A1C341C277}" = rport=445 | protocol=6 | dir=out | app=system |
"{11DCDD18-CCD2-4E58-9287-DCABFDD74681}" = rport=138 | protocol=17 | dir=out | app=system |
"{1782DBB2-1CE5-44D2-8D43-A12EEDB812AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{252CE338-AB86-4FD9-9931-BDB917ED7986}" = rport=139 | protocol=6 | dir=out | app=system |
"{2F5A32ED-3420-45E2-B3AD-A4C64A494163}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BE79BF6-6945-4EDB-B3A8-5BEBE920A842}" = lport=138 | protocol=17 | dir=in | app=system |
"{5DF49249-70A1-46A7-8809-3F23755FA5A6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70253C24-8EDF-428A-AF3F-75AF34F43894}" = lport=2869 | protocol=6 | dir=in | app=system |
"{89D3609C-CBC2-4C3D-A45C-64FFA2A567C1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C020207-E5D3-43E5-919C-3A4FE41575C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C72E176-E8D5-4722-A552-AF7BAB24EE8E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{928EC54F-4A40-478E-962C-67AD55AD7F18}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9988E0D3-2AC4-47DA-AC48-8E975C15312E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C15B58D-9603-472A-A97E-ADF96F62FFD9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A24678A7-172B-4E0E-A4CB-EB17EA132D7C}" = lport=139 | protocol=6 | dir=in | app=system |
"{B13CBD55-0E13-4318-AB58-11845F69797D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BE63F1F7-825E-49B3-A9B1-14612D26DD92}" = rport=137 | protocol=17 | dir=out | app=system |
"{C4A2DABF-FBF1-4787-ABC3-D5438723E707}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CA89098C-8438-486F-ABCB-11019F1C49CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD3191E5-88E7-4407-85FC-57D35B8F7CE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DEB84920-4BEB-4D93-9FF4-38E32EC77841}" = lport=445 | protocol=6 | dir=in | app=system |
"{FBAFC778-A297-4D06-B15E-FFCCD55E93CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF2CC679-939A-447A-80AC-900482C79D75}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008F03CD-8D9B-40F8-844D-0E000A73A848}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{02DCF5F4-EDCB-414E-82BF-E39E6DB26B7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A8F0BFD-AC43-46EF-B88F-86A2068DF10A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0D139159-CB1C-4E4B-9A43-995215D4BCA0}" = protocol=58 | dir=in | app=system |
"{0D17EB02-460A-4B20-8387-7BCE9FD46090}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{13BD873A-EEDF-4E45-BE22-186A9E7B5C6C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C545E73-E8C0-4CDF-B065-BA02BF594D31}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2E27061F-99C0-4A53-8EAB-7BCAC38F5F5A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36E5983C-F972-41EF-A32E-A1F8486423BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{386016D5-5282-43FC-9A34-C6812AEE515B}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{46B1D476-1F52-4F27-9746-1E6AFA2A1ABB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5295AE6D-6767-436B-8E6A-48575A38F832}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{554AF29F-1C49-4DAE-B155-29BEEDBD4A4F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56120E1D-6B07-40D6-93E2-3A4F85C169D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{69F4F9ED-FEC7-42C0-B0AC-EB8C125D3A46}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{753D08BD-7233-47F7-A077-6604FC1D9897}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{76D5DDE5-52B2-4FF6-A5B3-A51C9D2A756D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{80A255A3-6CF8-49E0-B714-47FF9EBE607F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85428D9F-85EC-43FA-8D26-EB50FE262318}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD1CFE31-809C-4E2B-9E48-C1770875DB60}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AD5D445D-6A3F-4B0A-A788-23C8904D4B88}" = protocol=6 | dir=out | app=system |
"{B1DEEE37-DDC7-4079-832E-6E5A93EB7E60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B322C05E-F736-4AE7-AF2B-CC5F36951451}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{C085AFF1-5246-4058-A211-DF6F84A35EC4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C333D32F-F851-4243-9D19-8CDDFAE04629}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C6FC53F9-E248-4E2A-BBDF-6BDF8CD14C8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8B25757-ECB4-4AFC-BEFE-1D6647A2C9E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3D89D8F-2944-48B8-8F76-3E59A847EC2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D45DAC73-9DAB-4C50-BBEE-FB3C39198687}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F3EC1711-6A72-40A8-A899-17F1024ED190}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F8B0423C-9153-47AD-9110-DD98F4F744F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FD51A5BC-54CD-4261-971E-52D4E6E82C43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F1190CB-24CC-29DC-3C85-CD8CFDDE045F}" = ccc-utility64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{B066BF95-890E-A532-A58F-D13E0805DC04}" = ATI Catalyst Install Manager
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "SynTPDeinstKey" = Synaptics TouchPad Driver "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03A3841B-038A-ADE1-A06A-158EAFF68A9E}" = Catalyst Control Center Profiles Mobile "{04A92BE5-E791-E374-01CB-B88CBFC1E8D1}" = PX Profile Update "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{09D5AC17-7B7A-D201-7CA6-3F16D99828FB}" = CCC Help Hungarian "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C4C413A-9751-48BE-78DC-80248F8B306F}" = CCC Help Japanese "{0F68E4AE-E8BA-1E4F-0CCA-B8678477A5CC}" = Catalyst Control Center "{16456401-9621-4F3D-836A-59EA425C471D}" = ZoneAlarm Security "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1CFC5FB4-2ACB-870F-043A-638919624D4E}" = CCC Help English "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{24507E82-750C-3658-7C50-D5B7A1E27CCC}" = CCC Help Russian "{24ADC5BE-8B82-426F-8779-2308B54B00EE}" = ZoneAlarm Antivirus "{28448C64-6562-6D8C-2F76-8DF399956955}" = Catalyst Control Center Localization All "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows 
Live Mesh ActiveX Control for Remote Connections "{2942CAF8-0934-96C2-5FC0-2ED331D0530A}" = CCC Help Italian "{2F2CA8CC-814B-67C1-CF19-A8A1A2A503C5}" = CCC Help Korean "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}" = HP SimplePass PE 2011 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33F88EFD-5661-7FA7-C638-FD6496A0BF2E}" = CCC Help Swedish "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup "{510446D7-2344-B59F-4CA5-66F5381D09FC}" = CCC Help Polish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{737B13C5-990B-4339-8A4D-0FFEBBC3DB17}" = ZoneAlarm Firewall "{73FBB960-1893-0F86-8EC1-DD0527D3ABCA}" = CCC Help Turkish "{7F969F54-1D7F-5DA1-A9E2-59FC0A5F0FE0}" = Catalyst Control Center Graphics Previews Common "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger 
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter "{909DC555-322F-8A35-2550-6FC2E2EDFA23}" = CCC Help Finnish "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess "{949D6B51-10E8-4CD4-A81E-064E38240415}" = Catalyst Control Center - Branding "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95E5798A-9827-92AD-5201-1E9B25819886}" = CCC Help Chinese Traditional "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display "{9CDE574D-5471-24A1-07DC-0B0F06810E11}" = CCC Help Thai "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAA79CA2-D65D-966B-48C2-D6C16433482C}" = Catalyst Control Center InstallProxy "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}" = HP Quick Launch "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie 
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B479B52B-4DE8-23FC-93CA-186D600F4A52}" = CCC Help Norwegian "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C1A2F65D-720B-82A0-10F6-4FEE797880BB}" = CCC Help German "{C1BF14DC-3A45-8E0B-41C6-30E6D30F9968}" = CCC Help Chinese Standard "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7861B58-149A-4546-AD1D-798865EF36CF}" = CCC Help Portuguese "{CBA9A6BF-1837-F0A4-79B6-15936EDC68AA}" = CCC Help Spanish "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework "{D2FFFA5E-FEA5-073B-C371-3B3628D9A453}" = CCC Help French "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DD75B28A-94C3-97C2-C389-EA6BF1C809B7}" = CCC Help Danish "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}" = HP Documentation "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFFB2B20-5D76-335C-2C24-CEF3791B30B8}" = CCC Help Dutch "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E7160D4F-B709-DFE4-9BF2-BB1C38598CF9}" = CCC Help Greek "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F70B153C-55D6-550A-7F50-6E09D99B1D7A}" = CCC Help Czech "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Arasan_is1" = Arasan 14.1 "EasyBits Magic Desktop" = Magic Desktop "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "VIP Access SDK" = VIP Access SDK (1.0.1.2) "VLC media player" = VLC media player 1.1.9 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WTA-005af271-c143-42fa-8974-58f7ee67917a" = Mah Jong Medley "WTA-129bdf76-a0c9-4dce-ba02-c90317142feb" = Mystery of Mortlake Mansion "WTA-140c8940-43ee-4237-a075-dbd2f5f9ac7e" = Chronicles of Albian "WTA-1539e007-aca6-4ccc-aa47-dfc0dbe73469" = Slingo Deluxe "WTA-202790ae-36ca-46e4-9c62-3e0a8ec8da10" = Farm Frenzy "WTA-2392d1da-ebfd-4a23-8f6e-24122084c906" = Cradle of Rome 2 "WTA-4eaf005f-ef42-48df-83f8-e6e2c18d804d" = Agatha Christie - Peril at End House "WTA-6d79f6c5-94ac-434a-896a-70a262f57885" = Cake Mania "WTA-75a129e6-3d18-4e24-9198-edad03db57a1" = Bejeweled 3 "WTA-7e641ae8-9930-4497-a366-80fa6fae93b6" = Zuma Deluxe "WTA-87e08b22-a9d3-4a1c-b1e0-547308059480" = Jewel Quest: The Sleepless Star - Collector's Edition "WTA-8cdc521f-1814-4469-a0c0-0c4ee3092449" = Plants vs. 
Zombies - Game of the Year "WTA-a70f4aaa-e209-4855-adc6-ecbe426fb291" = Jewel Quest Solitaire "WTA-ad36f2e7-3eb3-449c-863f-481e89978b6a" = FATE "WTA-aee88314-5d63-454b-8e12-be6dfd78bab4" = Vacation Quest - The Hawaiian Islands "WTA-d4819468-1ddf-4a7f-abeb-0d353a780e19" = Penguins! "WTA-d5c296e2-ecaf-4011-983d-d5eb0264fa9e" = Polar Bowler "WTA-dba1fe26-675e-4a18-8561-b8a52f1d2c02" = Virtual Villagers - The Secret City "WTA-e58473be-a898-4b08-a9dc-ad2a2f34351d" = Blasterball 3 "WTA-eeacb5c5-3051-403e-a905-b2f07a5e64cf" = Bounce Symphony "WTA-f3ef00d6-9d43-4dac-b514-c1e703bf9a4b" = Chuzzle Deluxe "WTA-fc6ac1c3-5feb-4f02-8b0f-afa10d55e100" = Governor of Poker 2 Premium Edition "WTA-fdb9e171-f605-483b-9e60-4b78b576aba3" = Namco All-Stars: PAC-MAN "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.03.2013 11:52:32 | Computer Name = Klatsche | Source = WinMgmt | ID = 10 Description = Error - 29.03.2013 02:53:04 | Computer Name = Klatsche | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 29.03.2013 02:53:04 | Computer Name = Klatsche | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 29.03.2013 02:53:04 | Computer Name = Klatsche | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 29.03.2013 02:53:04 | Computer Name = Klatsche | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 29.03.2013 06:28:20 | Computer Name = Klatsche | Source = WinMgmt | ID = 10 Description = Error - 29.03.2013 08:53:42 | Computer Name = Klatsche | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 01.04.2013 16:32:49 | Computer Name = Klatsche | Source = WinMgmt | ID = 10 Description = Error - 01.04.2013 16:53:49 | Computer 
Name = Klatsche | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 01.04.2013 16:55:03 | Computer Name = Klatsche | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 27.03.2013 15:12:28 | Computer Name = Klatsche | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden. Error - 27.03.2013 15:12:29 | Computer Name = Klatsche | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden. Error - 27.03.2013 15:12:29 | Computer Name = Klatsche | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden. Error - 27.03.2013 15:53:15 | Computer Name = Klatsche | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AMD External Events Utility erreicht. Error - 27.03.2013 18:39:40 | Computer Name = Klatsche | Source = DCOM | ID = 10010 Description = Error - 06.04.2013 16:00:31 | Computer Name = Klatsche | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Error - 10.04.2013 13:51:57 | Computer Name = Klatsche | Source = DCOM | ID = 10016 Description = Error - 10.04.2013 13:51:57 | Computer Name = Klatsche | Source = DCOM | ID = 10016 Description = Error - 10.04.2013 13:51:58 | Computer Name = Klatsche | Source = DCOM | ID = 10016 Description = Error - 10.04.2013 13:51:58 | Computer Name = Klatsche | Source = DCOM | ID = 10016 Description = < End of report >

I would also like to know how I can get the text into a small window.