| cyberpirate | 13.10.2012 09:55 |
So jetzt das neue Log:OTL Logfile: Code:
OTL logfile created on: 13.10.2012 10:46:36 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cyberpirate\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 63,15% Memory free
7,50 Gb Paging File | 5,90 Gb Available in Paging File | 78,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,55 Gb Total Space | 36,53 Gb Free Space | 60,32% Space Free | Partition Type: NTFS
Drive D: | 96,40 Gb Total Space | 70,54 Gb Free Space | 73,17% Space Free | Partition Type: NTFS
Drive E: | 99,99 Gb Total Space | 68,84 Gb Free Space | 68,85% Space Free | Partition Type: NTFS
Drive F: | 146,48 Gb Total Space | 85,03 Gb Free Space | 58,05% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 41,74 Gb Free Space | 21,37% Space Free | Partition Type: NTFS
Drive H: | 393,32 Gb Total Space | 211,15 Gb Free Space | 53,68% Space Free | Partition Type: NTFS
Drive I: | 146,48 Gb Total Space | 45,56 Gb Free Space | 31,10% Space Free | Partition Type: NTFS
Drive J: | 1250,78 Gb Total Space | 525,51 Gb Free Space | 42,02% Space Free | Partition Type: NTFS
Drive Z: | 393,32 Gb Total Space | 211,15 Gb Free Space | 53,68% Space Free | Partition Type: NTFS
Computer Name: X4 | User Name: cyberpirate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.12 11:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cyberpirate\Desktop\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.28 02:45:42 | 000,678,912 | ---- | M] (The Document Foundation) -- C:\Program Files (x86)\LibreOffice 3.6\program\soffice.bin
PRC - [2012.07.28 02:45:42 | 000,050,688 | ---- | M] (The Document Foundation) -- C:\Program Files (x86)\LibreOffice 3.6\program\soffice.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.20 19:02:52 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.05.24 23:18:08 | 000,395,344 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.05.24 23:17:06 | 005,587,608 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.05.10 18:57:28 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010.09.30 15:16:06 | 002,155,848 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.28 02:37:10 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 3.6\program\libxml2.dll
MOD - [2012.07.28 02:37:10 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 3.6\URE\bin\msci_uno.dll
MOD - [2012.07.28 02:36:54 | 000,961,536 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 3.6\program\cairo.dll
MOD - [2012.07.28 02:36:50 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 3.6\program\libxslt.dll
MOD - [2011.05.24 23:16:26 | 011,204,288 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 05:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012.07.04 08:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.07.04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.10.12 11:49:24 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 15:21:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.02 13:33:26 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.20 19:02:52 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.24 23:19:48 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.04.15 18:46:40 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.09.30 15:16:06 | 002,155,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.07.04 08:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.04 07:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.30 18:56:19 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.06.23 10:33:50 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.06.20 19:02:52 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2012.06.20 19:02:52 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.06.20 19:02:51 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.06.20 19:02:50 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.04.11 03:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012.04.11 03:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.03.30 16:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.04 08:34:04 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2008.06.04 08:34:04 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2008.06.04 08:34:04 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2008.06.04 08:34:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.06.04 08:34:02 | 000,159,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2008.06.04 08:34:00 | 000,138,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2008.06.04 08:33:58 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 9B CA 55 01 4F CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.computerbase.de/"
FF - prefs.js..extensions.enabledAddons: {139a120b-c2ea-41d2-bf70-542d9f063dfd}:2.04.1
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {9A752782-D706-479b-98F8-3F66BF921692}:9.11
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:6.0
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.3
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {9A752782-D706-479b-98F8-3F66BF921692}:8.0
FF - prefs.js..extensions.enabledItems: {139a120b-c2ea-41d2-bf70-542d9f063dfd}:2.03.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "193.27.209.200"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cyberpirate\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cyberpirate\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.22 00:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 11:49:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: F:\! Eigene Dateien\! ThunderBird\components [2012.08.29 15:23:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: F:\! Eigene Dateien\! ThunderBird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 11:49:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: F:\! Eigene Dateien\! ThunderBird\components [2012.08.29 15:23:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: F:\! Eigene Dateien\! ThunderBird\plugins
[2012.06.21 14:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Extensions
[2012.10.13 10:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions
[2012.09.20 19:54:09 | 000,000,000 | ---D | M] (URL Link) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}
[2012.09.20 19:54:09 | 000,000,000 | ---D | M] (Liquid Words) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2012.09.20 19:54:10 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.10.13 10:10:21 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.09.20 19:54:27 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\firefox@ghostery.com
[2012.09.20 19:54:09 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\foxmarks@kei.com
[2012.07.29 10:42:06 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\stealthyextension@gmail.com.xpi
[2011.07.16 15:53:40 | 000,132,344 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
[2012.10.09 12:37:55 | 000,340,256 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.10.11 16:45:07 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.26 07:45:54 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.24 20:40:20 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.11.01 18:47:06 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.07.26 07:46:02 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.09.13 19:54:02 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.09.15 08:20:18 | 000,045,208 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2011.12.28 13:31:20 | 000,000,933 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\11-suche.xml
[2011.12.28 13:31:20 | 000,002,419 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\englische-ergebnisse.xml
[2011.12.28 13:31:20 | 000,010,525 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\gmx-suche.xml
[2010.05.25 19:34:12 | 000,004,440 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\hyperwords.xml
[2011.12.28 13:31:20 | 000,002,457 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\lastminute.xml
[2011.12.02 21:09:08 | 000,002,900 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\liquid-information.xml
[2012.04.03 11:02:24 | 000,002,888 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\liquid-words.xml
[2011.03.27 16:50:50 | 000,005,389 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\ofdb.xml
[2011.12.28 13:31:20 | 000,005,508 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\webde-suche.xml
[2011.10.10 18:40:46 | 000,002,057 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\youtube-videosuche.xml
[2012.10.12 11:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.22 00:20:47 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.10.12 11:49:25 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.12 11:49:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 11:49:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.12 11:49:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 11:49:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 11:49:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 11:49:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: ComputerBase
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: ComputerBase
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cyberpirate\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cyberpirate\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\cyberpirate\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\cyberpirate\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Xmarks Bookmark Sync = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: Turn Off the Lights = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.3_0\
CHR - Extension: YouTube = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Tab Menu = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\galfofdpepkcahkfobimileafiobdplb\7_0\
CHR - Extension: AdBlock = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: FlashBlock = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: avast! WebRep = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Ghostery = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: Liquid Words : Interactive Text = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgbmbflfhnmlelipecbkedechpjeibc\6.0.0.9_0\
CHR - Extension: Late Night = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: Google Mail = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.10.12 12:05:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\cyberpirate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 3.6.lnk = C:\Program Files (x86)\LibreOffice 3.6\program\quickstart.exe ()
O4 - Startup: C:\Users\cyberpirate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = %w - Google Search
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10999655-6A99-493E-97DB-E1E82E5A7B0F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDB108E8-A62D-4B4F-9AC8-D98B23D7B1AC}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.13 10:16:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\cyberpirate\Desktop\OTL.exe
[2012.10.13 09:58:07 | 000,000,000 | ---D | C] -- C:\Users\cyberpirate\AppData\Roaming\JAM Software
[2012.10.12 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.12 12:05:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.12 11:55:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.12 11:55:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.12 11:55:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.12 11:55:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.10.12 11:55:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.12 11:54:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.12 11:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.09 17:17:01 | 000,000,000 | ---D | C] -- C:\Users\cyberpirate\AppData\Roaming\mkvtoolnix
[2012.10.04 18:45:54 | 000,000,000 | ---D | C] -- F:\! Eigene Dateien\Alcohol 120%
[2012.09.20 19:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.20 19:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
========== Files - Modified Within 30 Days ==========
[2012.10.13 10:15:58 | 000,020,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 10:15:58 | 000,020,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 10:13:48 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.13 10:13:48 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.13 10:13:48 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.13 10:13:48 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.13 10:13:48 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.13 10:08:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.13 10:08:39 | 3019,235,328 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.12 12:05:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.12 11:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cyberpirate\Desktop\OTL.exe
[2012.10.12 11:02:19 | 000,344,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.09 15:21:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.04 19:47:50 | 000,000,242 | ---- | M] () -- F:\! Eigene Dateien\ax_files.xml
[2012.10.01 17:15:48 | 000,000,577 | ---- | M] () -- F:\! Eigene Dateien\Aufgaben.rtf
[2012.09.28 11:02:48 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.09.28 11:02:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
========== Files Created - No Company Name ==========
[2012.10.12 11:55:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.12 11:55:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.12 11:55:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.12 11:55:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.12 11:55:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.12 11:02:15 | 000,344,832 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.22 17:01:10 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012.06.20 19:16:18 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe
[2012.06.20 19:16:18 | 000,021,731 | ---- | C] () -- C:\Windows\unins000.dat
[2012.06.20 18:17:15 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.06.20 18:17:15 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.06.20 18:17:14 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.06.20 18:17:14 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.06.20 18:16:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.06.20 18:15:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.06.20 19:05:23 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Acronis
[2012.06.20 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Auslogics
[2012.06.20 18:24:07 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\DeviceVm
[2012.06.30 19:34:55 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\FileZilla
[2012.06.20 19:41:25 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\GlarySoft
[2012.10.13 09:58:07 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\JAM Software
[2012.06.20 18:31:32 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Leadertech
[2012.08.22 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\LibreOffice
[2012.10.09 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\mkvtoolnix
[2012.07.01 12:09:01 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\MozBackup
[2012.10.01 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\MyPhoneExplorer
[2012.06.20 19:17:45 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\OpenOffice.org
[2012.06.21 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Sync App Settings
[2012.08.01 11:14:28 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Thunderbird
[2012.06.30 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\TrueCrypt
========== Purity Check ==========
========== Custom Scans ==========
< :OTL FF - prefs.js..network.proxy.http: "193.27.209.200" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true :Commands [emptytemp] >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,004,914 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.20 18:28:02 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.06.20 19:39:00 | 000,000,338 | ---- | C] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.07.09 16:30:26 | 000,000,350 | -H-- | C] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012.08.11 09:50:09 | 000,000,208 | ---- | C] () -- C:\Windows\Tasks\SidebarExecute.job
[2012.08.21 23:59:32 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972494703-4066016327-1056481122-1000Core1cd7fe83ede4e73.job
========== Alternate Data Streams ==========
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
--- --- --- |
