Trojaner-Board - Delta-Search bin ich nu "sauber"?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Delta-Search bin ich nu "sauber"? (https://www.trojaner-board.de/134244-delta-search-nu-sauber.html)

Delta-Search bin ich nu "sauber"?

Hallöle,

hab mir vor einer halben Stund ein Video Mp4 Converter gedownloadet (wollt mal auf YouTube paar Vids hochladen), BÄM hab ich gleich mal n Hammer auf den Kopf bekommen als ich Firefox wieder geöffnet habe, total langsam und Delta-Search als Startseite hab dann versucht das rückgängig zu machen den Converter deinstalliert und den Delta Dreck aus der Systemsteuerung gelöscht.

Da die erste Regel bei euch ja erst Googlen dann draufloslabern ist, hab ich das gemacht und das "Programm" AdwCleaner[R1] gefunden, installiert, durchlaufen lassen, dann n File geshen mit vielen "Delta" Markierungen, löschen geklickt, PC neustart, AdwCleaner[R1] geöffnet und dann kam beim erneuten durchlaufen das raus

Code:

# AdwCleaner v2.300 - Datei am 29/04/2013 um 04:03:00 erstellt

# Aktualisiert am 28/04/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Kecky - KECKY-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Kecky\Downloads\AdwCleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16537
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v20.0.1 (de)
 

Datei : C:\Users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [726 octets] - [29/04/2013 04:03:00]
 

########## EOF - C:\AdwCleaner[R1].txt - [785 octets] ##########

Microsoft Security Essentials sagt mir das der PC-Status: Geschützt ist und sauber
Hab nich so viel Ahnung von dem Zeugs, hoffe ihr könnt mir weiterhelfen, ab und zu lagt der Browser noch (z.b. als ich hier geschrieben hab^^)

Hat anfangs richtig stark gelagt, als ich aber in Systemsteuerung das Zeug deinstalliert hab war alles wieder wie gewohnt
Kein lag kein nix dacht ich mir ok lässte halt Microsoft Security Essentials durchlaufen und hörst derweil Musik bis dann wieder das lagn anfing -.-
(aber nur sehr leicht, außer ich bilde mir das ein? und der hat schon immer gelagt xD)

Mfg eastpak24

:hallo:

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Zitat:

durchlaufen lassen, dann n File geshen mit vielen "Delta" Markierungen, löschen geklickt, PC neustart

Ich hätte gern diese Logdatei von AdwCleaner, bei dem die Funde gelöscht wurden:
C:\AdwCleaner[SX].txt

Anschließend geht es so weiter:

Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

activex

msconfig

CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.log. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3
Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die beiden Logdateien von OTL,
die Logdatei von DeFogger,
die Logdatei von GMER.

Hallo Matthias

Danke für die Hilfe, hab jetz alles erledigt was mir aufgetragen worden ist.

C:\AdwCleaner[SX].txt gibts bei mir nicht hab AdwCleaner deinstalliert gehabt und da hat sich das wahrscheinlich mit gelöscht?

Achja und als ich Gmer gestartet hatte war ich noch mit dem Internet verbunden :crazy: schlimm?

Habs dann geschlossen, Antivier + vom Internet getrennt und dann auf scan gedrückt ging alles bis iwann mein Browser sich aufhängte, dann haben sich alle Desktop-Symbole unsichtbar gemacht (sind verschwunden + Taskleiste), hab dann Strg+Alt+Entf gedrückt dann kam eine Fehlermeldung >
dass ich Pc per Power On/Off - neustarten soll, das tat ich dann und später hab ich Gmer ohne Firefox gestartet und scannen lassen dann hats auf anhieb geklappt ohne probs

Zuerst die 2 OTL's
OTL.txt

Code:

OTL logfile created on: 4/29/2013 3:01:57 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kecky\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7.98 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 82.57% Memory free

15.96 Gb Paging File | 14.48 Gb Available in Paging File | 90.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 45.44 Gb Total Space | 2.71 Gb Free Space | 5.96% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 492.17 Gb Free Space | 52.84% Space Free | Partition Type: NTFS

 

Computer Name: KECKY-PC | User Name: Kecky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013/04/29 14:53:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe

PRC - [2013/04/19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2013/04/19 23:10:48 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\The Elder Scrolls V Skyrim\Steam.exe

PRC - [2010/12/02 04:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

PRC - [2010/11/27 07:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

PRC - [2010/11/10 21:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

PRC - [2010/11/03 19:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

PRC - [2010/10/21 11:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

PRC - [2010/10/06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010/10/06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2009/12/23 23:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

PRC - [2009/12/23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe

PRC - [2009/07/23 15:16:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013/04/19 23:10:50 | 001,114,024 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\chromehtml.dll

MOD - [2013/03/27 02:16:40 | 020,341,672 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\libcef.dll

MOD - [2013/03/26 00:23:34 | 000,651,776 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\SDL2.dll

MOD - [2012/12/11 19:51:10 | 001,100,800 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\avcodec-53.dll

MOD - [2012/12/11 19:51:10 | 000,192,000 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\avformat-53.dll

MOD - [2012/12/11 19:51:10 | 000,124,416 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\avutil-51.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/09/17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)

SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2013/04/19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/04/12 15:03:33 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/04/01 05:08:20 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/11/28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010/12/02 04:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)

SRV - [2010/11/03 19:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)

SRV - [2010/10/21 11:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2010/10/06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/10/06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)

SRV - [2009/07/23 15:16:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/04/19 09:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/03 17:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/02/24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)

DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)

DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/09/23 10:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2010/09/17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/09/17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2010/09/17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2010/09/14 12:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/07/01 16:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)

DRV:64bit: - [2010/05/26 11:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4C3.tmp -- (MEMSWEEP2)

DRV:64bit: - [2010/01/15 14:27:46 | 000,032,544 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)

DRV:64bit: - [2010/01/15 14:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)

DRV:64bit: - [2010/01/15 14:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)

DRV:64bit: - [2010/01/15 14:27:18 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)

DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/01/04 23:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)

DRV - [2005/01/03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-2213953162-339333542-4111985408-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/

IE - HKU\S-1-5-21-2213953162-339333542-4111985408-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-2213953162-339333542-4111985408-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-2213953162-339333542-4111985408-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-2213953162-339333542-4111985408-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011/05/06 19:17:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 15:03:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 15:03:33 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2011/10/24 17:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kecky\AppData\Roaming\Mozilla\Extensions

[2013/04/29 03:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\extensions

[2013/04/28 18:37:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012/10/27 15:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013/04/12 15:03:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/22 19:00:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012/08/30 08:15:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/22 19:00:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012/06/22 19:00:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/06/22 19:00:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/06/22 19:00:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2213953162-339333542-4111985408-1000..\Run: [Steam] D:\The Elder Scrolls V Skyrim\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E796B2B2-CDAD-49E1-AA14-79017D1E8F87}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013/04/29 14:53:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe

[2013/04/29 02:19:03 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Roaming\DVDVideoSoft

[2013/04/28 20:52:06 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Documents\Bilder

[2013/04/28 18:53:18 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\Plugins

[2013/04/28 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Documents\DVDVideoSoft

[2013/04/28 18:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2013/04/28 18:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2013/04/28 18:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2013/04/28 18:25:10 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Roaming\gtk-2.0

[2013/04/28 18:24:17 | 000,000,000 | ---D | C] -- C:\Users\Kecky\.thumbnails

[2013/04/28 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Documents\gegl-0.0

[2013/04/28 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\Kecky\.gimp-2.6

[2013/04/28 17:35:37 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Roaming\vlc

[2013/04/28 17:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013/04/28 14:29:52 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Local\{85B279DF-A995-4EF7-B239-D660A56B82A4}

[2013/04/27 17:50:18 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Local\{D04C5D92-B59A-4276-A64E-AC666C2758C9}

[2013/04/18 13:14:33 | 000,000,000 | ---D | C] -- C:\Fraps

[2013/04/15 19:29:32 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\Movie

[2013/04/15 19:19:33 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\Ordner 2013

[2013/04/14 16:41:37 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Local\{AB88A836-4426-4419-AC04-766A6A86133A}

[2013/04/14 16:41:37 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Local\{99827D4E-8A79-469B-85A0-AD0F2818ECD3}

[2013/04/11 02:09:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/04/11 02:09:04 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/04/11 02:09:03 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/04/11 02:09:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/04/11 02:09:03 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/04/11 02:09:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/04/11 02:09:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/04/11 02:09:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/04/11 02:09:03 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/04/11 02:09:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/04/11 02:09:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/04/11 02:09:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/04/11 02:09:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/04/11 02:09:00 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/04/11 02:09:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/04/10 10:46:54 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013/04/10 10:46:54 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/04/10 10:46:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2013/04/10 10:46:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/04/10 10:46:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2013/04/10 10:46:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/04/10 10:43:30 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/04/10 10:43:30 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/04/10 10:43:30 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/04/10 10:43:29 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2013/04/10 10:43:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013/04/10 10:43:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/04/01 05:10:32 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Local\Macromedia

[2013/04/01 05:08:19 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013/04/29 14:53:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe

[2013/04/29 14:51:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/29 14:51:58 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/29 14:48:09 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/04/29 14:48:09 | 000,665,562 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013/04/29 14:48:09 | 000,627,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/04/29 14:48:09 | 000,133,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013/04/29 14:48:09 | 000,110,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/29 14:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/29 14:43:42 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/29 04:28:13 | 000,050,477 | ---- | M] () -- C:\Users\Kecky\Desktop\Defogger.exe

[2013/04/29 04:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/29 04:02:45 | 000,628,743 | ---- | M] () -- C:\Users\Kecky\Desktop\AdwCleaner.exe

[2013/04/29 03:22:59 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013/04/29 02:55:11 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk

[2013/04/29 02:19:12 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk

[2013/04/28 23:59:22 | 000,006,129 | ---- | M] () -- C:\Users\Kecky\.recently-used.xbel

[2013/04/28 21:00:45 | 000,002,121 | ---- | M] () -- C:\Users\Kecky\Desktop\Microsoft Security Essentials.lnk

[2013/04/28 18:59:09 | 000,001,040 | ---- | M] () -- C:\Users\Kecky\Desktop\IV_Player - Verknüpfung.lnk

[2013/04/28 18:37:46 | 000,001,243 | ---- | M] () -- C:\Users\Kecky\Desktop\DVDVideoSoft Free Studio.lnk

[2013/04/28 18:23:29 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2013/04/28 17:14:48 | 000,000,655 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/04/11 11:38:25 | 000,417,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/04/07 02:37:45 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/04/01 05:08:19 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/04/01 05:08:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013/04/29 04:28:13 | 000,050,477 | ---- | C] () -- C:\Users\Kecky\Desktop\Defogger.exe

[2013/04/29 04:02:24 | 000,628,743 | ---- | C] () -- C:\Users\Kecky\Desktop\AdwCleaner.exe

[2013/04/29 03:22:54 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat

[2013/04/29 02:55:11 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk

[2013/04/29 02:19:12 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk

[2013/04/28 23:59:22 | 000,006,129 | ---- | C] () -- C:\Users\Kecky\.recently-used.xbel

[2013/04/28 21:00:45 | 000,002,121 | ---- | C] () -- C:\Users\Kecky\Desktop\Microsoft Security Essentials.lnk

[2013/04/28 18:59:09 | 000,001,040 | ---- | C] () -- C:\Users\Kecky\Desktop\IV_Player - Verknüpfung.lnk

[2013/04/28 18:37:42 | 000,001,243 | ---- | C] () -- C:\Users\Kecky\Desktop\DVDVideoSoft Free Studio.lnk

[2013/04/28 18:23:29 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2013/04/28 17:14:48 | 000,000,655 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/04/01 05:08:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/22 05:52:27 | 000,004,096 | -H-- | C] () -- C:\Users\Kecky\AppData\Local\keyfile3.drm

[2012/01/02 09:09:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/10/25 00:22:38 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI

[2011/10/24 17:18:26 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2011/10/23 22:49:33 | 000,000,166 | ---- | C] () -- C:\Windows\WLP.ini

[2011/05/06 18:54:22 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2011/05/06 18:53:41 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011/05/06 18:53:34 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll

[2011/05/06 18:53:34 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2011/05/06 18:53:34 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2011/05/06 18:52:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/05/06 18:47:11 | 000,008,949 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011/05/06 18:47:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/05/06 18:47:04 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[2011/05/06 18:47:04 | 000,005,557 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

 
 ========== ZeroAccess Check ==========

 

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

Und die Extra.txt

Code:

OTL Extras logfile created on: 4/29/2013 3:01:57 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kecky\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7.98 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 82.57% Memory free

15.96 Gb Paging File | 14.48 Gb Available in Paging File | 90.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 45.44 Gb Total Space | 2.71 Gb Free Space | 5.96% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 492.17 Gb Free Space | 52.84% Space Free | Partition Type: NTFS

 

Computer Name: KECKY-PC | User Name: Kecky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2213953162-339333542-4111985408-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0386CD1F-D82F-46BB-BF6B-828B157E8B82}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{0C0BCDF3-2229-4A23-93BF-591621AA61FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{0FADF6B8-9176-4F25-AF1A-CEEA38E0909D}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1925B6B6-631F-4BCB-8185-0FC2C47466AD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{338E34AB-16BB-48AF-B22A-6F2B03FDF3BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{37B154A3-5250-4AFE-AD9C-40FA5E228714}" = rport=445 | protocol=6 | dir=out | app=system | 

"{3810DC4D-BAF5-41B4-AFF1-AF4BB2457A8E}" = lport=138 | protocol=17 | dir=in | app=system | 

"{3B3B386E-4127-4A67-BAB7-54C1B0CACB0A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{463F4E2E-2BF7-44FD-9F87-CE3C475A6B72}" = rport=138 | protocol=17 | dir=out | app=system | 

"{5C330739-25C9-4CAF-BEC7-CE618B6EE12B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{634A59D9-7839-48BC-A52B-B9AB743297A5}" = lport=137 | protocol=17 | dir=in | app=system | 

"{81A39940-A3E9-46BE-8E0F-23FDCADBADE2}" = rport=137 | protocol=17 | dir=out | app=system | 

"{850A67EA-F4C8-4DDD-8C89-8160A5D509C1}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{934A89AD-B481-433E-A8FA-C93E27EE6671}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{96AABC30-B7BC-47DF-A360-69A5A07F2872}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{9BCB96FE-B66F-439E-9491-946D8D5CD0B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{9BCCE45E-AB81-4DF8-92BA-9E774AF93090}" = lport=445 | protocol=6 | dir=in | app=system | 

"{B6059378-474E-44C2-A8EE-6E0EAE3F8A8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B761A781-7CA9-4BA4-B999-D83E004AED5A}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{C9DD9E78-03DE-4E2F-ADC6-A9640DDD6C8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{E33416E2-3B7A-4BD0-9C9C-67D4DEA4F689}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{F387FDF3-BBDC-43AC-ABA3-E6988F162D40}" = lport=139 | protocol=6 | dir=in | app=system | 

"{FC98107C-A4A0-4F6D-9B57-6FA1A69E56AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{088B353E-A8EF-4F37-8D30-8243A17B012D}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 

"{0E835E25-94B5-46A9-AAD6-62AEA0FA923A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 

"{0F916AAB-0146-45BB-9F90-E05353C71A4B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{1043BE92-A1BA-4FFB-A593-EF1EF50A7B56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{112BFE27-B88A-499F-B96F-C261C8C908AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{134B205E-5619-4736-A33D-72384219ACF9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"{169FE2E9-A1A9-4695-9B84-242911485369}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 

"{1C4A6667-DAF6-42D0-807F-9F6D25BEC81F}" = protocol=6 | dir=in | app=d:\the elder scrolls v skyrim\steamapps\common\skyrim\skyrimlauncher.exe | 

"{1D9408B3-F504-43F6-BA55-7AA4403E8F7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{1EDC16A7-E855-4751-9808-44DA400AC877}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{29F23642-E484-47CD-8B88-A71FE23BD3F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{31150389-657D-4A3E-BA8F-4C91B277A077}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 

"{3E10EC4D-D219-4989-B18F-472C8DE89024}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4124FB86-1452-4D86-8A7B-410F8768E573}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{46E948B5-A4FC-4421-86D9-B1821D98A7DE}" = protocol=6 | dir=out | app=system | 

"{477E0412-50F9-44FB-900A-46100B5A7004}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 

"{4BFA3BA1-90C0-4B00-B21A-61DEF722BA34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{4C422458-A9BC-45BB-97C5-B1F978186BA0}" = protocol=17 | dir=in | app=c:\users\kecky\appdata\roaming\2yourface\updater.exe | 

"{5302029D-ACED-44F1-B4D7-5CF82856B7BA}" = protocol=17 | dir=in | app=d:\the elder scrolls v skyrim\steamapps\common\skyrim\skyrimlauncher.exe | 

"{55C1E1C1-9B91-4798-ADF9-07A28D8DCFF6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{62AD5D0D-A9AB-44F5-9DCA-0AA8BE6CEAD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{69703DAC-5167-4062-BEC6-F55B4E2C693D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{73E1532B-C011-441E-9E7D-F5F598B08D35}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{7BA77C9F-21E5-4B65-B393-F21B8BAE74E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{854CC4BE-0E33-4606-8171-3E80E9494D0A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{884BA2FE-041B-4728-AAFA-00F3898BC968}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 

"{8962DBE4-9D34-475A-9ACE-FDA8B53121CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{9182A833-859F-47FE-BF66-985EC388C578}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{965D2F90-AB8D-46CD-B965-943D2DFF7A1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9A5FDC38-07B3-462F-9435-3AAB1FEFE7DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A21C6DEF-C86B-4530-87EC-252334FA3A54}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 

"{AAD0A0EF-E86A-462D-9695-9939C99F0AD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{B030928E-333D-4C03-9E35-E1696C9FBD01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{BF55F325-3672-4A60-8E3E-A47FD921F9C6}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 

"{C21ADCCF-9F10-42F4-8600-23F8961FC7AD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{C432E615-D21D-46A6-AA45-17EE7A900EE1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{C4BD0487-D506-4866-842F-58D874F66260}" = protocol=17 | dir=in | app=d:\the elder scrolls v skyrim\steam.exe | 

"{C8B7065B-6312-4E3C-8280-83EC28C3FD0E}" = protocol=17 | dir=in | app=d:\diablooooo\diablo iii\diablo iii.exe | 

"{C9C3F548-36B8-4306-8572-30E725A37314}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{CAA92511-9FDB-484B-8079-351879910F1C}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 

"{CD5AEEA6-14D9-4725-B27C-D7A1DD905E17}" = protocol=6 | dir=in | app=d:\the elder scrolls v skyrim\steam.exe | 

"{D47BF837-FBEB-4918-9B01-2789FAA337B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{DAE44E19-8FBC-4DA5-8982-01654AC5FDB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 

"{E0529AFC-2E7B-4EF3-9BA7-788EEB7D3340}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{E3A3D9D5-7D0D-4753-927C-0E5D2D2818B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{EEEF5903-16D5-4110-A306-7CA1E304E88D}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 

"{F3D9C09C-B3D9-484C-BCDF-6B132DAC143B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{F9DFFD89-72E5-46F4-B61C-22A4EABFD36F}" = protocol=6 | dir=in | app=c:\users\kecky\appdata\roaming\2yourface\updater.exe | 

"{FAD4F571-059F-48BB-B8DC-1581D24523EE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"{FB103DA0-F838-46FB-895D-01EB0E10C742}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{FB927191-9114-4A02-A186-34F93249F8AB}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 

"{FDF8D6E5-1120-4E83-B983-0CDCB573C8DF}" = protocol=6 | dir=in | app=d:\diablooooo\diablo iii\diablo iii.exe | 

"TCP Query User{123E810B-EC72-4EFA-9C14-309DB6768D7B}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 

"TCP Query User{2B82CAEB-E199-4DDF-94F4-FDDD4F7E148D}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 

"TCP Query User{6E4229DA-1AD6-4D77-A656-AA5DD4472E6E}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 

"TCP Query User{7A993C27-A8C0-4E55-88C4-1D78DFBB8025}D:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 

"TCP Query User{8E2E4412-E7D1-4BEC-9E77-0884ED187F74}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 

"TCP Query User{9852667B-A9B0-469B-AD39-F5A8011BBD24}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | 

"TCP Query User{9FA5C62E-CC7B-411D-9544-1F92A1C03EA8}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 

"TCP Query User{AC2431E7-F6B2-4E10-B63E-54E81CB3B143}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"TCP Query User{ACED9FD3-446F-41B6-8A56-FE10C808B886}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 

"TCP Query User{B1927DB4-2CC6-4911-83ED-525550FA9A36}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 

"TCP Query User{B6D1D6CE-1E2E-4746-B78D-1301D068E738}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 

"TCP Query User{BBC66214-8793-4471-988B-65D71328220D}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 

"TCP Query User{E23E6333-EDAF-4FFB-A44F-86FA5B3CE827}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 

"TCP Query User{F6032BE0-5F1C-43EB-AFE1-00DC8E34F9AA}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | 

"UDP Query User{1E8BF838-1E97-4828-808A-4444DE19FF47}D:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 

"UDP Query User{221029D8-5F8D-42E5-8364-0320452D69D3}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 

"UDP Query User{2F07FC19-BAC7-4C91-AB5C-8573B69CE476}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 

"UDP Query User{45EDC978-9C18-403C-94B3-0E2ED8C3A573}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | 

"UDP Query User{54CC63C5-41E5-4A4D-BFB4-BF8CAEE87ED6}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 

"UDP Query User{5F4C353D-7115-4007-B246-F1EB04B285DC}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"UDP Query User{77A1EDD2-8F12-4E08-B4F3-FFB5AB9F8E2E}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 

"UDP Query User{8C541F62-295D-499B-9A0E-E7A9B96310AB}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 

"UDP Query User{C7FB8A7F-7010-4276-A7F9-2999F7D84D67}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 

"UDP Query User{CF5E2D36-D5C7-4A24-A723-EA766911A572}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | 

"UDP Query User{D2F8BDEB-9FFB-4C17-B227-49E2F9131CCC}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 

"UDP Query User{F7DB1FB6-1EF4-4247-B082-099B5F25C777}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 

"UDP Query User{FB399FF7-2AA1-4053-9427-D3EB77E87E0A}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 

"UDP Query User{FEFC9D8F-EC21-4E7F-A4D4-1CDFC90D481D}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety

"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security

"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.29

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.29

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"TeamSpeak 3 Client" = TeamSpeak 3 Client

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard

"{12e3104b-7dc7-4ad5-9ea7-411d2955904b}" = Nero 9 Essentials

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh

"{40FDC018-23A6-4618-B30A-A8EFCAA22A3D}" = Wildlife Park

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager

"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Asus Vibe2.0" = AsusVibe2.0

"Audacity_is1" = Audacity 2.0.2

"AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0

"Diablo III" = Diablo III

"Fraps" = Fraps

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.426

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.426

"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4

"StarCraft II" = StarCraft II

"Steam App 72850" = The Elder Scrolls V: Skyrim

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.1.3

"WinGimp-2.0_is1" = GIMP 2.6.8

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-Bit)

"World of Warcraft" = World of Warcraft

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 4/28/2013 8:33:43 PM | Computer Name = Kecky-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.3.0, Zeitstempel:

 0x4c6c2da5  Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.3.0, Zeitstempel:

 0x4c6c2da5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001749  ID des fehlerhaften Prozesses:

 0x10d8  Startzeit der fehlerhaften Anwendung: 0x01ce44712cf72ede  Pfad der fehlerhaften

 Anwendung: D:\VLC media Player\VLC\vlc.exe  Pfad des fehlerhaften Moduls: D:\VLC 

media Player\VLC\vlc.exe  Berichtskennung: 7181da35-b064-11e2-93ae-14dae9581f0a

 

Error - 4/28/2013 8:54:37 PM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Programm_Programm_Programm\SoftonicDownloader(MP3DirectCut).exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 4/28/2013 8:54:37 PM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Programm_Programm_Programm\SoftonicDownloader(irvanView).exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 4/28/2013 8:54:37 PM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Programm_Programm_Programm\SoftonicDownloader(Gimp).exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 4/28/2013 9:26:13 PM | Computer Name = Kecky-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 4/29/2013 8:45:36 AM | Computer Name = Kecky-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 4/29/2013 8:54:13 AM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kecky\Downloads\SoftonicDownloader_fuer_morphvox.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 4/29/2013 8:54:14 AM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kecky\Downloads\SoftonicDownloader_fuer_av-voice-changer-software.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 4/29/2013 8:56:36 AM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-2213953162-339333542-4111985408-1000\$RT87K34.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 4/29/2013 8:56:36 AM | Computer Name = Kecky-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\$Recycle.Bin\S-1-5-21-2213953162-339333542-4111985408-1000\$RGPG5ZS.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

[ Media Center Events ]

Error - 10/23/2011 7:25:04 AM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 13:25:04 - Fehler beim Herstellen der Internetverbindung.  13:25:04 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10/23/2011 8:55:57 AM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 14:55:57 - Fehler beim Herstellen der Internetverbindung.  14:55:57 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10/23/2011 10:19:25 AM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 16:19:25 - Fehler beim Herstellen der Internetverbindung.  16:19:25 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10/23/2011 1:01:36 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 19:01:36 - Fehler beim Herstellen der Internetverbindung.  19:01:36 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10/24/2011 9:40:14 AM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 15:40:14 - Fehler beim Herstellen der Internetverbindung.  15:40:14 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10/25/2011 1:19:10 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 19:19:10 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde

 liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)  

 

Error - 10/26/2011 1:06:33 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 19:06:33 - Directory konnte nicht abgerufen werden (Fehler: Timeout

 für Vorgang überschritten)  

 

Error - 10/26/2011 2:12:10 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 20:12:10 - Fehler beim Herstellen der Internetverbindung.  20:12:10 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 2/27/2013 11:53:29 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 04:53:28 - Fehler beim Herstellen der Internetverbindung.  04:53:28 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 3/3/2013 1:52:19 PM | Computer Name = Kecky-PC | Source = MCUpdate | ID = 0

Description = 18:52:19 - Directory konnte nicht abgerufen werden (Fehler: Invalid

 security token.)  

 

[ System Events ]

Error - 4/14/2013 4:49:36 PM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 4/15/2013 1:18:19 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7043

Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 

Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

 

Error - 4/17/2013 12:17:19 PM | Computer Name = Kecky-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?17.?04.?2013 um 18:16:42 unerwartet heruntergefahren.

 

Error - 4/19/2013 7:51:09 PM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 4/22/2013 8:07:19 AM | Computer Name = Kecky-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?22.?04.?2013 um 14:05:44 unerwartet heruntergefahren.

 

Error - 4/25/2013 11:19:41 AM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Steam Client Service erreicht.

 

Error - 4/25/2013 11:19:41 AM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 4/27/2013 4:49:49 PM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 4/28/2013 10:11:48 AM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 4/28/2013 8:13:46 PM | Computer Name = Kecky-PC | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

 

< End of report >

:crazy: Ganz schön viel oder?...
und ja ich weiß meine Festplatte is voll 95% :headbang: aber keine Ahnung brauch das alles und hab ja nochn andren speicher der noch viel verträgt :lach:
hab ja mehrere Game's die bissl "größer" ausfallen unter anderem Skyrim, StarCraft, Diablo3, WoW usw.

Defogger_disable.txt

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 15:19 on 29/04/2013 (Kecky)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

Hoffe ist soweit alles richtig?
Tut mir leid das ich den Beitrag nun spalten muss hatte 130000 Zeichen und es sind nur 120000 Zeichen zugelassen :crazy:

was ich schon die ganze Zeit wissen will WAS genau tut Delta-Search eig.? späht der meine Passwörter bei Facebook oder so aus? kann ich da jetz ungestört einloggn?
auf google steht nur Schwachsinn und in einem Dialekt den ich ned versteh :lach: bitte erklären will jetz nich die blabla quadratwurzel blubb wissn einfach nur bsp. > Er leitet dich nur um damit du dir andre Viren einfängst oder so ähnlich

Mfg eastpak24

und hier noch die gmer da ich gezwungen war Beitrag zu splitten

Gmer.txt

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2013-04-29 15:46:15

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ADATA_S596_Turbo rev.100730 59,63GB

Running: gmer_2.1.19163.exe; Driver: C:\Users\Kecky\AppData\Local\Temp\fgtoqpoc.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2060] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000758e1465 2 bytes [8E, 75]

.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2060] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000758e14bb 2 bytes [8E, 75]

.text  ...                                                                                                                                   * 2

.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3692] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                        0000000076fd549c 5 bytes JMP 0000000100080800

.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              00000000758e1465 2 bytes [8E, 75]

.text  C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             00000000758e14bb 2 bytes [8E, 75]

.text  ...                                                                                                                                   * 2
 

---- User IAT/EAT - GMER 2.1 ----
 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??2@YAPEAX_K@Z]                                  [a] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcscpy_s]                                        [80020004] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcscat_s]                                        [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??_V@YAXPEAX@Z]                                  [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!malloc]                                          [6563786556413f2e] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!free]                                            [40406e6f697470] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!wcsncpy_s]                                       [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!__CxxFrameHandler3]                              [69676f6c56413f2e] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_XcptFilter]                                     [40726f7272655f63] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_initterm]                                       [4040647473] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_unlock]                                         [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!__dllonexit]                                     [676e656c56413f2e] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_lock]                                           [726f7272655f6874] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_onexit]                                         [404064747340] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!_errno]                                          [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??1type_info@@UEAA@XZ]                           [5f74756f56413f2e] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!memcpy_s]                                        [65676e61725f666f] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[msvcrt.dll!??3@YAXPEAX@Z]                                   [404064747340] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!OpenServiceW]                                  [10000000000] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!OpenSCManagerW]                                [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!CloseServiceHandle]                            [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegSetValueExW]                                [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegCloseKey]                                   [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegEnumKeyExW]                                 [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegOpenKeyExW]                                 [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegDeleteValueW]                               [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegQueryInfoKeyW]                              [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!RegCreateKeyExW]                               [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ADVAPI32.dll!QueryServiceStatus]                            [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetCurrentThreadId]                            [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetTickCount]                                  [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!QueryPerformanceCounter]                       [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!Sleep]                                         [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetCurrentProcessId]                           [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetVersionExA]                                 [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!lstrcmpiW]                                     [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetSystemTimeAsFileTime]                       [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!TerminateProcess]                              [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetCurrentProcess]                             [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!UnhandledExceptionFilter]                      [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!SetUnhandledExceptionFilter]                   [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RtlVirtualUnwind]                              [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RtlLookupFunctionEntry]                        [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!RtlCaptureContext]                             [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!OutputDebugStringA]                            [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetLastError]                                  [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!FindResourceW]                                 [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!FreeLibrary]                                   [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!LoadLibraryExW]                                [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetModuleHandleW]                              [ffffffffffffffff] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!LoadLibraryW]                                  [ffffbb20854ceed7] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!SizeofResource]                                [11d16528b62f5910] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetModuleFileNameW]                            [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[KERNEL32.dll!GetProcAddress]                                [3daf2b0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!CoTaskMemFree]                                    [455f584356413f2e] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!StringFromGUID2]                                  [6e6f697470656378] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[ole32.dll!CoTaskMemRealloc]                                 [4040] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[USER32.dll!UnregisterClassA]                                [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\ndiscapCfg.dll[USER32.dll!CharNextW]                                       [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z]                         [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!malloc]                                              [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memcpy_s]                                            [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ]                         [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??1exception@@UEAA@XZ]                               [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z]                        [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!realloc]                                             [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memmove_s]                                           [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@XZ]                               [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z]                       [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_CxxThrowException]                                  [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_callnewh]                                           [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!__CxxFrameHandler3]                                  [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_XcptFilter]                                         [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_initterm]                                           [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_amsg_exit]                                          [111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!??1type_info@@UEAA@XZ]                               [fffffffffffffffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_unlock]                                             [100000000] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!__dllonexit]                                         [400000002] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_lock]                                               [a00000006] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_onexit]                                             [160000000e] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memset]                                              [2e0000001e] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!_vsnwprintf]                                         [5e0000003e] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!free]                                                [be0000007e] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[msvcrt.dll!memcpy]                                              [17e000000fe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlGetNtProductType]                                  [5fe000003fe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ntdll.dll!VerSetConditionMask]                                  [bfe000007fe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlVirtualUnwind]                                     [17fe00000ffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlCaptureContext]                                    [2ffe00001ffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ntdll.dll!RtlLookupFunctionEntry]                               [5ffe00003ffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!GetTickCount]                                      [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!LoadResource]                                      [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!FindResourceW]                                     [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!GetLastError]                                      [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!LoadLibraryExW]                                    [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!lstrlenW]                                          [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!lstrcpynW]                                         [4a5bc17400000000] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!lstrcmpiW]                                         [200000000] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[KERNEL32.dll!DisableThreadLibraryCalls]                         [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemRealloc]                                     [17ffe0000fffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemAlloc]                                       [2fffe0001fffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoTaskMemFree]                                        [5fffe0003fffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoUninitialize]                                       [9fffe0007fffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[ole32.dll!CoInitializeEx]                                       [dfffe000bfffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiDestroyDeviceInfoList]                      [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupOpenInfFileW]                                 [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupFindFirstLineW]                               [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetIntField]                                  [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetMultiSzFieldW]                             [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiEnumDeviceInfo]                             [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiOpenDevRegKey]                              [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupDiGetClassDevsW]                              [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupCloseInfFile]                                 [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[SETUPAPI.dll!SetupGetStringFieldW]                              [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[USER32.dll!CharNextW]                                           [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[USER32.dll!LoadStringW]                                         [1111111111111111] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogDeregisterW]                               [15fffe0013fffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogRegisterW]                                 [19fffe0017fffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[rtutils.dll!RouterLogEventW]                                    [1dfffe001bfffe] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceDelete]                             [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceDelete]                            [80818086808006] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportRemove]                   [8082868086031000] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminServerDisconnect]                            [8585454545050514] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigServerDisconnect]                           [5080303000000585] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminServerConnect]                               [3827280008008080] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceCreate]                             [3037000700805750] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceEnum]                               [2000000088505030] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceGetHandle]                          [8080888028] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminInterfaceTransportAdd]                       [808686868606060] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprAdminTransportCreate]                             [870707770707807] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigServerConnect]                              [700080008000008] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceCreate]                            [8] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceEnum]                              [706050403020100] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportEnum]                     [f0e0d0c0b0a0908] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceGetHandle]                         [605040302010010] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportAdd]                      [e0d0c0b0a090807] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigInterfaceTransportGetHandle]                [100f] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportCreate]                            [0] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportDelete]                            [202010100000000] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportGetHandle]                         [606050504040303] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigTransportGetInfo]                           [a0a090908080707] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[MPRAPI.dll!MprConfigBufferFree]                                 [e0e0d0d0c0c0b0b] 

IAT    C:\Windows\system32\svchost.exe[608] @ C:\Windows\system32\rascfg.dll[slc.dll!SLGetWindowsInformationDWORD]                           [25fffe0023fffe] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!free]                                                   [10000000000] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_U@YAPEAX_K@Z]                                        [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_V@YAXPEAX@Z]                                         [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_XcptFilter]                                            [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!malloc]                                                 [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_initterm]                                              [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!realloc]                                                [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_unlock]                                                [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!__dllonexit]                                            [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcpy]                                                 [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memset]                                                 [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ultow_s]                                               [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_vsnwprintf]                                            [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_amsg_exit]                                             [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcmp]                                                 [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_lock]                                                  [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_onexit]                                                [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ui64tow_s]                                             [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlLookupFunctionEntry]                                  [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCaptureContext]                                       [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlInitUnicodeString]                                    [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlMapGenericMask]                                       [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateAcl]                                            [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlAddAccessAllowedAce]                                  [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateSecurityDescriptor]                             [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlSetDaclSecurityDescriptor]                            [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!NtQueryInformationFile]                                  [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlVirtualUnwind]                                        [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaOpenPolicy]                                        [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!CopySid]                                              [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaLookupNames2]                                      [44df65cf510e] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaClose]                                             [ffffbb209a30aef1] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegOpenKeyExW]                                        [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegCloseKey]                                          [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegQueryValueExW]                                     [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetNamedSecurityInfoW]                                [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetSecurityDescriptorControl]                         [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!IsValidSid]                                           [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!EqualSid]                                             [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetLengthSid]                                         [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaFreeMemory]                                        [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[USER32.dll!CopyImage]                                              [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[USER32.dll!LoadStringW]                                            [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[USER32.dll!ReleaseDC]                                              [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[USER32.dll!GetDC]                                                  [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateDIBSection]                                        [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteDC]                                                [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetBitmapBits]                                           [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateCompatibleDC]                                      [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!SelectObject]                                            [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!BitBlt]                                                  [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetObjectW]                                              [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteObject]                                            [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHChangeNotify]                                        [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathCombineW]                                          [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathRemoveFileSpecW]                                   [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHGetValueW]                                           [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsRootW]                                           [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsUNCW]                                            [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHStrDupW]                                             [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DisableThreadLibraryCalls]                            [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryW]                                         [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress]                                       [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FreeLibrary]                                          [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetLastError]                                         [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryExA]                                       [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DelayLoadFailureHook]                                 [ffffffffffffffff] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CloseHandle]                                          [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LCMapStringW]                                         [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateDirectoryW]                                     [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindFirstFileW]                                       [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DeleteFileW]                                          [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RemoveDirectoryW]                                     [1] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDiskFreeSpaceExW]                                  [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTempFileNameW]                                     [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDriveTypeW]                                        [2] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MulDiv]                                               [1] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileW]                                          [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFilePointer]                                       [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WriteFile]                                            [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTickCount]                                         [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileAttributesW]                                   [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!QueryPerformanceCounter]                              [7] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcessId]                                  [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemTimeAsFileTime]                              [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnhandledExceptionFilter]                             [8] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetUnhandledExceptionFilter]                          [1] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalAlloc]                                           [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetModuleHandleW]                                     [9] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SystemTimeToFileTime]                                 [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!OpenProcess]                                          [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateEventW]                                         [a] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ReleaseMutex]                                         [32] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEvent]                                             [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MapViewOfFile]                                        [b] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileInformationByHandleEx]                         [1f4] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileInformationByHandle]                           [0] 

IAT    C:\Windows\Explorer.EXE[2760] @ C:\Windows\system32\thumbcache.dll[PSAPI.DLL!QueryWorkingSetEx]                                       [0] 
 

---- Disk sectors - GMER 2.1 ----
 

Disk   \Device\Harddisk0\DR0                                                                                                                 unknown MBR code
 

---- EOF - GMER 2.1 ----

hab i-wie das Gefühl das es langsamer ist? oder liegt das an dem Text der so groß ausfällt? sollt ich kurz YouTube Vid laden und guckn ob das "gut" läd? (ich tu grad nichts, bis ich ne Anweißung bekomme)

Servus,

an deiner vollen Festplatte solltest du schleunigst was ändern... sonst geht bald gar nix mehr. ;)

Schritt 1

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 2
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von JRT,
die Logdatei von ComboFix.

Sers, Matthias

als jRT drübergelaufen ist war Firefox noch offen, wurde dann wieder geschlossen (aufgehängt) dann verschwanden wieder alle Desktop-Symbole + Taskleiste aber mein Pc hat sich dann gefangen und weiter gemacht nicht wie beim ersten mal einen Neustart gebraucht. (hat auch nur 3-5 sec. gedauert bis Symbole wieder da waren, war wie son Schluckauf :lach:)

Hab mir dann ComboFix gezogen hat angefangen zu scanen dann kam ein Fenster das aussah wie von jRT also selber Style? hat das ne Bedeutung?
War jedenfalls nur 2Sec. da und verschwand dann wieder.

Ging alles recht schnell grad mal 5min für beide, achja eins noch nachdem ComboFix fertig war hat meiner keinen Neustart verlangt!? soll ich trzd? jedenfalls hab ich AntiV wieder angemacht und poste jetz

JRT.txt

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.2 (04.29.2013:1)

OS: Windows 7 Home Premium x64

Ran by Kecky on 29.04.2013 at 21:08:44,01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{0B485216-AEBC-4D8E-A651-043E67F5E15B}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{13CC521A-2BAC-4D27-B14D-7CCD041F153B}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{16DCBFB6-A6CA-432A-A8D7-D826C56BFCB9}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{5AC5B471-3FFD-4176-8EC5-464CCEC14A73}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{81BE36F6-E80F-41C2-84A3-119BA6CD7F24}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{85B279DF-A995-4EF7-B239-D660A56B82A4}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{953E18C4-F563-4A6E-9FF4-0E068A424BC1}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{99827D4E-8A79-469B-85A0-AD0F2818ECD3}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{9B2D1F98-C643-4390-BD74-535EB4FE14FC}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{AB88A836-4426-4419-AC04-766A6A86133A}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{ABB8788A-ADF6-44E7-AA2D-670C6D6147AE}

Successfully deleted: [Empty Folder] C:\Users\Kecky\appdata\local\{D04C5D92-B59A-4276-A64E-AC666C2758C9}
 
 
 

~~~ FireFox
 

Successfully deleted: [File] C:\Users\Kecky\AppData\Roaming\mozilla\firefox\profiles\m4uxqan0.default\invalidprefs.js

Successfully deleted: [Folder] C:\Users\Kecky\AppData\Roaming\mozilla\firefox\profiles\m4uxqan0.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}

Successfully deleted the following from C:\Users\Kecky\AppData\Roaming\mozilla\firefox\profiles\m4uxqan0.default\prefs.js
 

user_pref("extensions.crossrider.bic", "13aad1599874c8c07afd5dbe69dfe2c2");

Emptied folder: C:\Users\Kecky\AppData\Roaming\mozilla\firefox\profiles\m4uxqan0.default\minidumps [2 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 29.04.2013 at 21:11:21,48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und die C:\Combofix.txt

Code:

ComboFix 13-04-28.01 - Kecky 29.04.2013  21:16:22.1.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8173.6326 [GMT 2:00]

ausgeführt von:: c:\users\Kecky\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\IsUn0407.exe

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-29  ))))))))))))))))))))))))))))))

.

.

2013-04-29 19:21 . 2013-04-29 19:21        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-04-29 19:12 . 2013-04-10 03:46        9317456        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F1FACE-59FE-4D8B-9648-F125D427A23A}\mpengine.dll

2013-04-29 19:08 . 2013-04-29 19:08        --------        d-----w-        c:\windows\ERUNT

2013-04-29 19:08 . 2013-04-29 19:08        --------        d-----w-        C:\JRT

2013-04-29 01:22 . 2013-04-29 01:22        98        ----a-w-        c:\windows\DeleteOnReboot.bat

2013-04-29 00:19 . 2013-04-29 00:55        --------        d-----w-        c:\users\Kecky\AppData\Roaming\DVDVideoSoft

2013-04-28 22:04 . 2013-04-28 22:04        --------        d---a-w-        c:\users\Users

2013-04-28 16:37 . 2013-04-28 16:37        --------        d-----w-        c:\program files (x86)\DVDVideoSoft

2013-04-28 16:37 . 2013-04-29 00:55        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft

2013-04-28 16:25 . 2013-04-29 18:56        --------        d-----w-        c:\users\Kecky\AppData\Roaming\gtk-2.0

2013-04-28 16:24 . 2013-04-28 16:24        --------        d-----w-        c:\users\Kecky\.thumbnails

2013-04-28 16:23 . 2013-04-29 19:03        --------        d-----w-        c:\users\Kecky\.gimp-2.6

2013-04-28 15:35 . 2013-04-29 00:33        --------        d-----w-        c:\users\Kecky\AppData\Roaming\vlc

2013-04-27 21:12 . 2013-04-10 03:46        9317456        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-24 12:06 . 2013-04-24 12:06        905296        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B70889D1-A75F-4B2A-9CCF-104BF59D36F5}\gapaengine.dll

2013-04-24 12:01 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2013-04-18 11:14 . 2013-04-18 11:14        --------        d-----w-        C:\Fraps

2013-04-11 00:08 . 2013-02-21 10:30        1766912        ----a-w-        c:\windows\SysWow64\wininet.dll

2013-04-11 00:08 . 2013-02-21 10:30        817664        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-11 00:08 . 2013-02-21 10:15        2240512        ----a-w-        c:\windows\system32\wininet.dll

2013-04-11 00:08 . 2013-02-21 10:15        1084928        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-11 00:08 . 2013-02-21 10:14        53248        ----a-w-        c:\windows\system32\jsproxy.dll

2013-04-11 00:08 . 2013-02-21 10:14        15404544        ----a-w-        c:\windows\system32\ieframe.dll

2013-04-11 00:08 . 2013-02-21 10:14        19230208        ----a-w-        c:\windows\system32\mshtml.dll

2013-04-10 08:46 . 2013-02-15 06:08        44032        ----a-w-        c:\windows\system32\tsgqec.dll

2013-04-10 08:46 . 2013-02-15 06:06        3717632        ----a-w-        c:\windows\system32\mstscax.dll

2013-04-10 08:46 . 2013-02-15 06:02        158720        ----a-w-        c:\windows\system32\aaclient.dll

2013-04-10 08:46 . 2013-02-15 04:37        3217408        ----a-w-        c:\windows\SysWow64\mstscax.dll

2013-04-10 08:46 . 2013-02-15 04:34        131584        ----a-w-        c:\windows\SysWow64\aaclient.dll

2013-04-10 08:46 . 2013-02-15 03:25        36864        ----a-w-        c:\windows\SysWow64\tsgqec.dll

2013-04-10 08:46 . 2013-03-01 03:36        3153408        ----a-w-        c:\windows\system32\win32k.sys

2013-04-10 08:43 . 2013-03-19 06:04        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-04-10 08:43 . 2013-03-19 05:04        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 08:43 . 2013-03-19 05:04        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 08:43 . 2013-01-24 06:01        223752        ----a-w-        c:\windows\system32\drivers\fvevol.sys

2013-04-10 08:43 . 2013-03-19 05:46        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2013-04-10 08:43 . 2013-03-19 04:47        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll

2013-04-10 08:43 . 2013-03-19 03:06        112640        ----a-w-        c:\windows\system32\smss.exe

2013-04-03 08:11 . 2013-04-12 13:03        26520        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe

2013-04-01 03:10 . 2013-04-01 03:10        --------        d-----w-        c:\users\Kecky\AppData\Local\Macromedia

2013-04-01 03:08 . 2013-04-01 03:08        693976        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-11 00:09 . 2012-08-31 09:29        72702784        ----a-w-        c:\windows\system32\MRT.exe

2013-04-02 10:34 . 2010-11-21 03:27        282744        ------w-        c:\windows\system32\MpSigStub.exe

2013-04-01 03:08 . 2011-11-02 13:48        73432        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-22 02:01 . 2013-03-22 02:01        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll

2013-03-22 02:01 . 2013-03-22 02:01        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll

2013-03-22 02:01 . 2013-03-22 02:01        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll

2013-03-22 02:01 . 2013-03-22 02:01        226304        ----a-w-        c:\windows\system32\elshyph.dll

2013-03-22 02:01 . 2013-03-22 02:01        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll

2013-03-22 02:01 . 2013-03-22 02:01        158720        ----a-w-        c:\windows\SysWow64\msls31.dll

2013-03-22 02:01 . 2013-03-22 02:01        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2013-03-22 02:01 . 2013-03-22 02:01        138752        ----a-w-        c:\windows\SysWow64\wextract.exe

2013-03-22 02:01 . 2013-03-22 02:01        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2013-03-22 02:01 . 2013-03-22 02:01        12800        ----a-w-        c:\windows\SysWow64\mshta.exe

2013-03-22 02:01 . 2013-03-22 02:01        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2013-03-22 02:01 . 2013-03-22 02:01        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-22 02:01 . 2013-03-22 02:01        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2013-03-22 02:01 . 2013-03-22 02:01        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx

2013-03-22 02:01 . 2013-03-22 02:01        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2013-03-22 02:01 . 2013-03-22 02:01        452096        ----a-w-        c:\windows\system32\dxtmsft.dll

2013-03-22 02:01 . 2013-03-22 02:01        441856        ----a-w-        c:\windows\system32\html.iec

2013-03-22 02:01 . 2013-03-22 02:01        361984        ----a-w-        c:\windows\SysWow64\html.iec

2013-03-22 02:01 . 2013-03-22 02:01        281600        ----a-w-        c:\windows\system32\dxtrans.dll

2013-03-22 02:01 . 2013-03-22 02:01        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2013-03-22 02:01 . 2013-03-22 02:01        216064        ----a-w-        c:\windows\system32\msls31.dll

2013-03-22 02:01 . 2013-03-22 02:01        197120        ----a-w-        c:\windows\system32\msrating.dll

2013-03-22 02:01 . 2013-03-22 02:01        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2013-03-22 02:01 . 2013-03-22 02:01        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat

2013-03-22 02:01 . 2013-03-22 02:00        762368        ----a-w-        c:\windows\system32\ieapfltr.dll

2013-03-22 02:00 . 2013-03-22 02:00        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2013-03-22 02:00 . 2013-03-22 02:00        81408        ----a-w-        c:\windows\system32\icardie.dll

2013-03-22 02:00 . 2013-03-22 02:00        270848        ----a-w-        c:\windows\system32\iedkcs32.dll

2013-03-22 02:00 . 2013-03-22 02:00        235008        ----a-w-        c:\windows\system32\url.dll

2013-03-22 02:00 . 2013-03-22 02:00        97280        ----a-w-        c:\windows\system32\mshtmled.dll

2013-03-22 02:00 . 2013-03-22 02:00        599552        ----a-w-        c:\windows\system32\vbscript.dll

2013-03-22 02:00 . 2013-03-22 02:00        27648        ----a-w-        c:\windows\system32\licmgr10.dll

2013-03-22 02:00 . 2013-03-22 02:00        247296        ----a-w-        c:\windows\system32\webcheck.dll

2013-03-22 02:00 . 2013-03-22 02:00        167424        ----a-w-        c:\windows\system32\iexpress.exe

2013-03-22 02:00 . 2013-03-22 02:00        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-03-22 02:00 . 2013-03-22 02:00        144896        ----a-w-        c:\windows\system32\wextract.exe

2013-03-22 02:00 . 2013-03-22 02:00        102912        ----a-w-        c:\windows\system32\inseng.dll

2013-03-22 02:00 . 2013-03-22 02:00        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2013-03-22 02:00 . 2013-03-22 02:00        77312        ----a-w-        c:\windows\system32\tdc.ocx

2013-03-22 02:00 . 2013-03-22 02:00        62976        ----a-w-        c:\windows\system32\pngfilt.dll

2013-03-22 02:00 . 2013-03-22 02:00        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll

2013-03-22 02:00 . 2013-03-22 02:00        51200        ----a-w-        c:\windows\system32\imgutil.dll

2013-03-22 02:00 . 2013-03-22 02:00        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2013-03-22 02:00 . 2013-03-22 02:00        173568        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-03-22 02:00 . 2013-03-22 02:00        149504        ----a-w-        c:\windows\system32\occache.dll

2013-03-22 02:00 . 2013-03-22 02:00        13824        ----a-w-        c:\windows\system32\mshta.exe

2013-03-22 02:00 . 2013-03-22 02:00        136192        ----a-w-        c:\windows\system32\iepeers.dll

2013-03-22 02:00 . 2013-03-22 02:00        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll

2013-03-22 02:00 . 2013-03-22 02:00        12800        ----a-w-        c:\windows\system32\msfeedssync.exe

2013-02-12 05:45 . 2013-03-13 23:06        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 23:06        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 23:06        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 23:06        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 23:06        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 23:06        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-20 21:03        19968        ----a-w-        c:\windows\system32\drivers\usb8023.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\the elder scrolls v skyrim\steam.exe" [2013-04-19 1631144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]

.

c:\users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

2YourFace_Updater.lnk - c:\users\Kecky\AppData\Roaming\2YourFace\Updater.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-6 548528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4C3.tmp [2010-05-26 6144]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-15 29472]

R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-15 32544]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]

S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - fgtoqpoc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-01 03:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService

FontCache

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube to Mp3 Converter - c:\users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

AddRemove-Fraps - c:\fraps\uninstall.exe

AddRemove-TeamSpeak 3 Client - c:\program files (x86)\TeamSpeak 3 Client\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\4C3.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{1185823F-F22F-4027-80E5-4F68ACD5DE5E}"=hex:51,66,7a,6c,4c,1d,38,12,51,81,96,

   15,1d,bc,49,05,ff,f3,0c,28,a9,8b,9a,4a

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,

   18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,

   bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:f4,8c,8b,34,ee,b5,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-04-29  21:23:02

ComboFix-quarantined-files.txt  2013-04-29 19:23

.

Vor Suchlauf: 2.437.259.264 Bytes frei

Nach Suchlauf: 3.148.525.568 Bytes frei

.

- - End Of File - - 84C5095AA87E434E2F250EE5D1386A26

Und lieben Dank nochmal an dieser Stelle das du mir weiterhilfst
Wäre nett wenn du mir noch erklärst was Delta-Search so anstellt? oder gibts da schon n Thread zu :confused:

Mfg eastpak24

Servus,

du hast bzgl. JRT und ComboFix alles richtig gemacht. keine Sorge. ;)

DeltaSearch ist an sich nicht gefährlich, aber einfach nur lästig. Es ist ein Browser Hijacker, verändert Startseiten. Zudem tritt es oft zusammen mit anderer unerwünschter Software oder Adware auf. :)

Ich sehe noch ein paar Reste der Adware, die wir noch entfernen müssen. ;)

Schritt 1
Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

File:: c:\users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk Folder:: c:\users\Kecky\AppData\Roaming\2YourFace

Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Schritt 2
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Gibt es noch Probleme mit Delta-Search?
Wenn ja, in welchem Browser?

Bitte poste mit deiner nächsten Antwort

die Logdatei von ComboFix,
die Logdateien von OTL,
die Beantwortung der gestellten Fragen.

Sers Matthias,

Ich bins nochmal :Boogie:
Sorry, konnte die letzn 2 Tage nicht, hoffe du bist mir nich böse :zunge:

Bin auch erst seit 2 Std @Home (Nachtschicht)
Hat aufjedenfall alles geklappt, einzigste Änderung ist das ich die Combofix.txt lieber auf den Desktop abgespeichert hab, denn ich hatte doch auf C:\ComboFix.txt schon dieselbe ? oder überpeichert das automatisch?

Hier die Combofix.txt

Code:

ComboFix 13-05-01.03 - Kecky 02.05.2013   3:41.2.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8173.6414 [GMT 2:00]

ausgeführt von:: c:\users\Kecky\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Kecky\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

FILE ::

"c:\users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\frapsvid.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-04-02 bis 2013-05-02  ))))))))))))))))))))))))))))))

.

.

2013-05-02 01:45 . 2013-05-02 01:45        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-04-30 13:31 . 2013-04-10 03:46        9317456        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{621A9238-1922-434E-A2AD-3450F2FFE2FE}\mpengine.dll

2013-04-29 19:27 . 2013-04-10 03:46        9317456        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-29 19:08 . 2013-04-29 19:08        --------        d-----w-        c:\windows\ERUNT

2013-04-29 19:08 . 2013-04-29 19:08        --------        d-----w-        C:\JRT

2013-04-29 01:22 . 2013-04-29 01:22        98        ----a-w-        c:\windows\DeleteOnReboot.bat

2013-04-29 00:19 . 2013-04-29 00:55        --------        d-----w-        c:\users\Kecky\AppData\Roaming\DVDVideoSoft

2013-04-28 22:04 . 2013-04-29 19:23        --------        d---a-w-        c:\users\Users

2013-04-28 16:37 . 2013-04-28 16:37        --------        d-----w-        c:\program files (x86)\DVDVideoSoft

2013-04-28 16:37 . 2013-04-29 00:55        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft

2013-04-28 16:25 . 2013-04-30 02:36        --------        d-----w-        c:\users\Kecky\AppData\Roaming\gtk-2.0

2013-04-28 16:24 . 2013-04-28 16:24        --------        d-----w-        c:\users\Kecky\.thumbnails

2013-04-28 16:23 . 2013-04-30 02:36        --------        d-----w-        c:\users\Kecky\.gimp-2.6

2013-04-28 15:35 . 2013-04-29 00:33        --------        d-----w-        c:\users\Kecky\AppData\Roaming\vlc

2013-04-24 12:06 . 2013-04-24 12:06        905296        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B70889D1-A75F-4B2A-9CCF-104BF59D36F5}\gapaengine.dll

2013-04-24 12:01 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2013-04-18 11:14 . 2013-04-18 11:14        --------        d-----w-        C:\Fraps

2013-04-11 00:08 . 2013-02-21 10:30        1766912        ----a-w-        c:\windows\SysWow64\wininet.dll

2013-04-11 00:08 . 2013-02-21 10:30        817664        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-11 00:08 . 2013-02-21 10:15        2240512        ----a-w-        c:\windows\system32\wininet.dll

2013-04-11 00:08 . 2013-02-21 10:15        1084928        ----a-w-        c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-11 00:08 . 2013-02-21 10:14        53248        ----a-w-        c:\windows\system32\jsproxy.dll

2013-04-11 00:08 . 2013-02-21 10:14        15404544        ----a-w-        c:\windows\system32\ieframe.dll

2013-04-11 00:08 . 2013-02-21 10:14        19230208        ----a-w-        c:\windows\system32\mshtml.dll

2013-04-10 08:46 . 2013-02-15 06:08        44032        ----a-w-        c:\windows\system32\tsgqec.dll

2013-04-10 08:46 . 2013-02-15 06:06        3717632        ----a-w-        c:\windows\system32\mstscax.dll

2013-04-10 08:46 . 2013-02-15 06:02        158720        ----a-w-        c:\windows\system32\aaclient.dll

2013-04-10 08:46 . 2013-02-15 04:37        3217408        ----a-w-        c:\windows\SysWow64\mstscax.dll

2013-04-10 08:46 . 2013-02-15 04:34        131584        ----a-w-        c:\windows\SysWow64\aaclient.dll

2013-04-10 08:46 . 2013-02-15 03:25        36864        ----a-w-        c:\windows\SysWow64\tsgqec.dll

2013-04-10 08:46 . 2013-03-01 03:36        3153408        ----a-w-        c:\windows\system32\win32k.sys

2013-04-10 08:43 . 2013-03-19 06:04        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-04-10 08:43 . 2013-03-19 05:04        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 08:43 . 2013-03-19 05:04        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 08:43 . 2013-01-24 06:01        223752        ----a-w-        c:\windows\system32\drivers\fvevol.sys

2013-04-10 08:43 . 2013-03-19 05:46        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2013-04-10 08:43 . 2013-03-19 04:47        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll

2013-04-10 08:43 . 2013-03-19 03:06        112640        ----a-w-        c:\windows\system32\smss.exe

2013-04-03 08:11 . 2013-04-12 13:03        26520        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-11 00:09 . 2012-08-31 09:29        72702784        ----a-w-        c:\windows\system32\MRT.exe

2013-04-02 10:34 . 2010-11-21 03:27        282744        ------w-        c:\windows\system32\MpSigStub.exe

2013-04-01 03:08 . 2013-04-01 03:08        693976        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-01 03:08 . 2011-11-02 13:48        73432        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-22 02:01 . 2013-03-22 02:01        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll

2013-03-22 02:01 . 2013-03-22 02:01        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll

2013-03-22 02:01 . 2013-03-22 02:01        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll

2013-03-22 02:01 . 2013-03-22 02:01        226304        ----a-w-        c:\windows\system32\elshyph.dll

2013-03-22 02:01 . 2013-03-22 02:01        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll

2013-03-22 02:01 . 2013-03-22 02:01        158720        ----a-w-        c:\windows\SysWow64\msls31.dll

2013-03-22 02:01 . 2013-03-22 02:01        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2013-03-22 02:01 . 2013-03-22 02:01        138752        ----a-w-        c:\windows\SysWow64\wextract.exe

2013-03-22 02:01 . 2013-03-22 02:01        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2013-03-22 02:01 . 2013-03-22 02:01        12800        ----a-w-        c:\windows\SysWow64\mshta.exe

2013-03-22 02:01 . 2013-03-22 02:01        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2013-03-22 02:01 . 2013-03-22 02:01        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-22 02:01 . 2013-03-22 02:01        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2013-03-22 02:01 . 2013-03-22 02:01        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx

2013-03-22 02:01 . 2013-03-22 02:01        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2013-03-22 02:01 . 2013-03-22 02:01        452096        ----a-w-        c:\windows\system32\dxtmsft.dll

2013-03-22 02:01 . 2013-03-22 02:01        441856        ----a-w-        c:\windows\system32\html.iec

2013-03-22 02:01 . 2013-03-22 02:01        361984        ----a-w-        c:\windows\SysWow64\html.iec

2013-03-22 02:01 . 2013-03-22 02:01        281600        ----a-w-        c:\windows\system32\dxtrans.dll

2013-03-22 02:01 . 2013-03-22 02:01        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2013-03-22 02:01 . 2013-03-22 02:01        216064        ----a-w-        c:\windows\system32\msls31.dll

2013-03-22 02:01 . 2013-03-22 02:01        197120        ----a-w-        c:\windows\system32\msrating.dll

2013-03-22 02:01 . 2013-03-22 02:01        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2013-03-22 02:01 . 2013-03-22 02:01        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat

2013-03-22 02:01 . 2013-03-22 02:00        762368        ----a-w-        c:\windows\system32\ieapfltr.dll

2013-03-22 02:00 . 2013-03-22 02:00        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2013-03-22 02:00 . 2013-03-22 02:00        81408        ----a-w-        c:\windows\system32\icardie.dll

2013-03-22 02:00 . 2013-03-22 02:00        270848        ----a-w-        c:\windows\system32\iedkcs32.dll

2013-03-22 02:00 . 2013-03-22 02:00        235008        ----a-w-        c:\windows\system32\url.dll

2013-03-22 02:00 . 2013-03-22 02:00        97280        ----a-w-        c:\windows\system32\mshtmled.dll

2013-03-22 02:00 . 2013-03-22 02:00        599552        ----a-w-        c:\windows\system32\vbscript.dll

2013-03-22 02:00 . 2013-03-22 02:00        27648        ----a-w-        c:\windows\system32\licmgr10.dll

2013-03-22 02:00 . 2013-03-22 02:00        247296        ----a-w-        c:\windows\system32\webcheck.dll

2013-03-22 02:00 . 2013-03-22 02:00        167424        ----a-w-        c:\windows\system32\iexpress.exe

2013-03-22 02:00 . 2013-03-22 02:00        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl

2013-03-22 02:00 . 2013-03-22 02:00        144896        ----a-w-        c:\windows\system32\wextract.exe

2013-03-22 02:00 . 2013-03-22 02:00        102912        ----a-w-        c:\windows\system32\inseng.dll

2013-03-22 02:00 . 2013-03-22 02:00        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2013-03-22 02:00 . 2013-03-22 02:00        77312        ----a-w-        c:\windows\system32\tdc.ocx

2013-03-22 02:00 . 2013-03-22 02:00        62976        ----a-w-        c:\windows\system32\pngfilt.dll

2013-03-22 02:00 . 2013-03-22 02:00        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll

2013-03-22 02:00 . 2013-03-22 02:00        51200        ----a-w-        c:\windows\system32\imgutil.dll

2013-03-22 02:00 . 2013-03-22 02:00        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2013-03-22 02:00 . 2013-03-22 02:00        173568        ----a-w-        c:\windows\system32\ieUnatt.exe

2013-03-22 02:00 . 2013-03-22 02:00        149504        ----a-w-        c:\windows\system32\occache.dll

2013-03-22 02:00 . 2013-03-22 02:00        13824        ----a-w-        c:\windows\system32\mshta.exe

2013-03-22 02:00 . 2013-03-22 02:00        136192        ----a-w-        c:\windows\system32\iepeers.dll

2013-03-22 02:00 . 2013-03-22 02:00        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll

2013-03-22 02:00 . 2013-03-22 02:00        12800        ----a-w-        c:\windows\system32\msfeedssync.exe

2013-02-12 05:45 . 2013-03-13 23:06        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 23:06        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 23:06        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 23:06        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 23:06        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 23:06        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-20 21:03        19968        ----a-w-        c:\windows\system32\drivers\usb8023.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\the elder scrolls v skyrim\steam.exe" [2013-04-19 1631144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]

.

c:\users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

2YourFace_Updater.lnk - c:\users\Kecky\AppData\Roaming\2YourFace\Updater.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-6 548528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4C3.tmp [2010-05-26 6144]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-15 29472]

R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-15 48416]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-15 32544]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]

S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-01 03:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService

FontCache

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube to Mp3 Converter - c:\users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

AddRemove-Fraps - c:\fraps\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\4C3.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{1185823F-F22F-4027-80E5-4F68ACD5DE5E}"=hex:51,66,7a,6c,4c,1d,38,12,51,81,96,

   15,1d,bc,49,05,ff,f3,0c,28,a9,8b,9a,4a

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,

   18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,

   bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:f4,8c,8b,34,ee,b5,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-05-02  03:46:35

ComboFix-quarantined-files.txt  2013-05-02 01:46

ComboFix2.txt  2013-04-29 19:23

.

Vor Suchlauf: 3.297.529.856 Bytes frei

Nach Suchlauf: 3.234.299.904 Bytes frei

.

- - End Of File - - 4BBF109CA078320F9FD66115CA890CFD

und die OTL.txt

Code:

OTL logfile created on: 5/2/2013 3:51:28 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kecky\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7.98 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.97% Memory free

15.96 Gb Paging File | 14.14 Gb Available in Paging File | 88.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 45.44 Gb Total Space | 3.10 Gb Free Space | 6.81% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 492.17 Gb Free Space | 52.84% Space Free | Partition Type: NTFS

 

Computer Name: KECKY-PC | User Name: Kecky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013/04/29 14:53:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe

PRC - [2013/04/19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2013/04/19 23:10:48 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\The Elder Scrolls V Skyrim\Steam.exe

PRC - [2013/04/12 15:03:33 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013/04/01 05:08:19 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

PRC - [2010/12/02 04:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

PRC - [2010/11/27 07:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

PRC - [2010/11/10 21:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

PRC - [2010/11/03 19:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

PRC - [2010/10/21 11:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

PRC - [2010/10/06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010/10/06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2009/12/23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe

PRC - [2009/07/23 15:16:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013/04/19 23:10:50 | 001,114,024 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\chromehtml.dll

MOD - [2013/04/12 15:03:27 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013/04/01 05:08:19 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

MOD - [2013/03/27 02:16:40 | 020,341,672 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\libcef.dll

MOD - [2013/03/26 00:23:34 | 000,651,776 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\SDL2.dll

MOD - [2012/12/11 19:51:10 | 001,100,800 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\avcodec-53.dll

MOD - [2012/12/11 19:51:10 | 000,192,000 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\avformat-53.dll

MOD - [2012/12/11 19:51:10 | 000,124,416 | ---- | M] () -- D:\The Elder Scrolls V Skyrim\bin\avutil-51.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/09/17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)

SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2013/04/19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/04/12 15:03:33 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/04/01 05:08:20 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/11/28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010/12/02 04:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)

SRV - [2010/11/03 19:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)

SRV - [2010/10/21 11:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2010/10/06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/10/06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/23 23:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)

SRV - [2009/07/23 15:16:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/04/19 09:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/03 17:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011/02/24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)

DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)

DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/09/23 10:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2010/09/17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/09/17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2010/09/17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2010/09/14 12:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/07/01 16:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)

DRV:64bit: - [2010/05/26 11:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4C3.tmp -- (MEMSWEEP2)

DRV:64bit: - [2010/01/15 14:27:46 | 000,032,544 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)

DRV:64bit: - [2010/01/15 14:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)

DRV:64bit: - [2010/01/15 14:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)

DRV:64bit: - [2010/01/15 14:27:18 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)

DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/01/04 23:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)

DRV - [2005/01/03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011/05/06 19:17:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 15:03:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 15:03:33 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2011/10/24 17:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kecky\AppData\Roaming\Mozilla\Extensions

[2013/04/29 21:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kecky\AppData\Roaming\Mozilla\Firefox\Profiles\m4uxqan0.default\extensions

[2012/10/27 15:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013/04/12 15:03:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/22 19:00:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012/08/30 08:15:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/22 19:00:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012/06/22 19:00:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/06/22 19:00:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/06/22 19:00:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2013/05/02 03:45:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)

O4 - HKCU..\Run: [Steam] D:\The Elder Scrolls V Skyrim\steam.exe (Valve Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk =  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kecky\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E796B2B2-CDAD-49E1-AA14-79017D1E8F87}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013/05/02 03:50:27 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\OTL&Registri&Extra

[2013/05/02 03:46:36 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/05/02 03:35:59 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Kecky\Desktop\ComboFix.exe

[2013/04/29 21:15:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/04/29 21:15:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/04/29 21:15:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/04/29 21:15:34 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/04/29 21:15:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/04/29 21:08:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/04/29 21:08:21 | 000,000,000 | ---D | C] -- C:\JRT

[2013/04/29 21:05:44 | 000,545,302 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Kecky\Desktop\JRT.exe

[2013/04/29 14:53:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe

[2013/04/29 02:19:03 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Roaming\DVDVideoSoft

[2013/04/28 20:52:06 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Documents\Bilder

[2013/04/28 18:53:18 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\Plugins

[2013/04/28 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Documents\DVDVideoSoft

[2013/04/28 18:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2013/04/28 18:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft

[2013/04/28 18:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2013/04/28 18:25:10 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Roaming\gtk-2.0

[2013/04/28 18:24:17 | 000,000,000 | ---D | C] -- C:\Users\Kecky\.thumbnails

[2013/04/28 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Documents\gegl-0.0

[2013/04/28 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\Kecky\.gimp-2.6

[2013/04/28 17:35:37 | 000,000,000 | ---D | C] -- C:\Users\Kecky\AppData\Roaming\vlc

[2013/04/28 17:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013/04/18 13:14:33 | 000,000,000 | ---D | C] -- C:\Fraps

[2013/04/15 19:29:32 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\Movie

[2013/04/15 19:19:33 | 000,000,000 | ---D | C] -- C:\Users\Kecky\Desktop\Ordner 2013

[2013/04/11 02:09:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/04/11 02:09:04 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/04/11 02:09:03 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/04/11 02:09:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/04/11 02:09:03 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/04/11 02:09:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/04/11 02:09:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/04/11 02:09:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/04/11 02:09:03 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/04/11 02:09:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/04/11 02:09:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/04/11 02:09:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/04/11 02:09:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/04/11 02:09:00 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/04/11 02:09:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/04/10 10:46:54 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013/04/10 10:46:54 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/04/10 10:46:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2013/04/10 10:46:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/04/10 10:46:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2013/04/10 10:46:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/04/10 10:43:30 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/04/10 10:43:30 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/04/10 10:43:30 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/04/10 10:43:29 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2013/04/10 10:43:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013/04/10 10:43:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013/05/02 03:45:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/05/02 03:39:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/02 03:39:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/02 03:37:50 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/02 03:37:50 | 000,665,562 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013/05/02 03:37:50 | 000,627,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/02 03:37:50 | 000,133,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013/05/02 03:37:50 | 000,110,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/02 03:37:09 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Kecky\Desktop\ComboFix.exe

[2013/05/02 03:33:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/02 03:33:04 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/01 04:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/30 04:36:16 | 000,013,497 | ---- | M] () -- C:\Users\Kecky\.recently-used.xbel

[2013/04/30 04:36:11 | 000,111,262 | ---- | M] () -- C:\Users\Kecky\Desktop\CazziAmariBearbeitung.xcf

[2013/04/30 04:06:50 | 000,032,620 | ---- | M] () -- C:\Users\Kecky\Desktop\CazziAmari.jpg

[2013/04/29 21:05:54 | 000,545,302 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Kecky\Desktop\JRT.exe

[2013/04/29 15:21:29 | 000,377,856 | ---- | M] () -- C:\Users\Kecky\Desktop\gmer_2.1.19163.exe

[2013/04/29 15:19:58 | 000,000,000 | ---- | M] () -- C:\Users\Kecky\defogger_reenable

[2013/04/29 14:53:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kecky\Desktop\OTL.exe

[2013/04/29 04:28:13 | 000,050,477 | ---- | M] () -- C:\Users\Kecky\Desktop\Defogger.exe

[2013/04/29 04:02:45 | 000,628,743 | ---- | M] () -- C:\Users\Kecky\Desktop\AdwCleaner.exe

[2013/04/29 03:22:59 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013/04/29 02:55:11 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk

[2013/04/29 02:19:12 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk

[2013/04/28 21:00:45 | 000,002,121 | ---- | M] () -- C:\Users\Kecky\Desktop\Microsoft Security Essentials.lnk

[2013/04/28 18:59:09 | 000,001,040 | ---- | M] () -- C:\Users\Kecky\Desktop\IV_Player - Verknüpfung.lnk

[2013/04/28 18:37:46 | 000,001,243 | ---- | M] () -- C:\Users\Kecky\Desktop\DVDVideoSoft Free Studio.lnk

[2013/04/28 18:23:29 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2013/04/28 17:14:48 | 000,000,655 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/04/11 11:38:25 | 000,417,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/04/07 02:37:45 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif

[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013/04/30 04:36:16 | 000,013,497 | ---- | C] () -- C:\Users\Kecky\.recently-used.xbel

[2013/04/30 04:36:11 | 000,111,262 | ---- | C] () -- C:\Users\Kecky\Desktop\CazziAmariBearbeitung.xcf

[2013/04/29 22:14:44 | 000,032,620 | ---- | C] () -- C:\Users\Kecky\Desktop\CazziAmari.jpg

[2013/04/29 21:15:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/04/29 21:15:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/04/29 21:15:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/04/29 21:15:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/04/29 21:15:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/04/29 15:21:25 | 000,377,856 | ---- | C] () -- C:\Users\Kecky\Desktop\gmer_2.1.19163.exe

[2013/04/29 15:19:58 | 000,000,000 | ---- | C] () -- C:\Users\Kecky\defogger_reenable

[2013/04/29 04:28:13 | 000,050,477 | ---- | C] () -- C:\Users\Kecky\Desktop\Defogger.exe

[2013/04/29 04:02:24 | 000,628,743 | ---- | C] () -- C:\Users\Kecky\Desktop\AdwCleaner.exe

[2013/04/29 03:22:54 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat

[2013/04/29 02:55:11 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Download.lnk

[2013/04/29 02:19:12 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk

[2013/04/28 21:00:45 | 000,002,121 | ---- | C] () -- C:\Users\Kecky\Desktop\Microsoft Security Essentials.lnk

[2013/04/28 18:59:09 | 000,001,040 | ---- | C] () -- C:\Users\Kecky\Desktop\IV_Player - Verknüpfung.lnk

[2013/04/28 18:37:42 | 000,001,243 | ---- | C] () -- C:\Users\Kecky\Desktop\DVDVideoSoft Free Studio.lnk

[2013/04/28 18:23:29 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2013/04/28 17:14:48 | 000,000,655 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/11/22 05:52:27 | 000,004,096 | -H-- | C] () -- C:\Users\Kecky\AppData\Local\keyfile3.drm

[2012/01/02 09:09:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/10/25 00:22:38 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI

[2011/10/23 22:49:33 | 000,000,166 | ---- | C] () -- C:\Windows\WLP.ini

[2011/05/06 18:54:22 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2011/05/06 18:53:41 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011/05/06 18:53:34 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll

[2011/05/06 18:53:34 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2011/05/06 18:53:34 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2011/05/06 18:52:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/05/06 18:47:11 | 000,008,949 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011/05/06 18:47:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/05/06 18:47:04 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[2011/05/06 18:47:04 | 000,005,557 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

 
 ========== ZeroAccess Check ==========

 

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

und zu guter letzt noch die Extra.txt

Code:

OTL Extras logfile created on: 5/2/2013 3:51:28 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kecky\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7.98 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 76.97% Memory free

15.96 Gb Paging File | 14.14 Gb Available in Paging File | 88.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 45.44 Gb Total Space | 3.10 Gb Free Space | 6.81% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 492.17 Gb Free Space | 52.84% Space Free | Partition Type: NTFS

 

Computer Name: KECKY-PC | User Name: Kecky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\VLC media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0386CD1F-D82F-46BB-BF6B-828B157E8B82}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{0C0BCDF3-2229-4A23-93BF-591621AA61FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{0FADF6B8-9176-4F25-AF1A-CEEA38E0909D}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1925B6B6-631F-4BCB-8185-0FC2C47466AD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{338E34AB-16BB-48AF-B22A-6F2B03FDF3BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{37B154A3-5250-4AFE-AD9C-40FA5E228714}" = rport=445 | protocol=6 | dir=out | app=system | 

"{3810DC4D-BAF5-41B4-AFF1-AF4BB2457A8E}" = lport=138 | protocol=17 | dir=in | app=system | 

"{3B3B386E-4127-4A67-BAB7-54C1B0CACB0A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{463F4E2E-2BF7-44FD-9F87-CE3C475A6B72}" = rport=138 | protocol=17 | dir=out | app=system | 

"{5C330739-25C9-4CAF-BEC7-CE618B6EE12B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{634A59D9-7839-48BC-A52B-B9AB743297A5}" = lport=137 | protocol=17 | dir=in | app=system | 

"{81A39940-A3E9-46BE-8E0F-23FDCADBADE2}" = rport=137 | protocol=17 | dir=out | app=system | 

"{850A67EA-F4C8-4DDD-8C89-8160A5D509C1}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{934A89AD-B481-433E-A8FA-C93E27EE6671}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{96AABC30-B7BC-47DF-A360-69A5A07F2872}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{9BCB96FE-B66F-439E-9491-946D8D5CD0B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{9BCCE45E-AB81-4DF8-92BA-9E774AF93090}" = lport=445 | protocol=6 | dir=in | app=system | 

"{B6059378-474E-44C2-A8EE-6E0EAE3F8A8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B761A781-7CA9-4BA4-B999-D83E004AED5A}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{C9DD9E78-03DE-4E2F-ADC6-A9640DDD6C8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{E33416E2-3B7A-4BD0-9C9C-67D4DEA4F689}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{F387FDF3-BBDC-43AC-ABA3-E6988F162D40}" = lport=139 | protocol=6 | dir=in | app=system | 

"{FC98107C-A4A0-4F6D-9B57-6FA1A69E56AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{088B353E-A8EF-4F37-8D30-8243A17B012D}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 

"{0E835E25-94B5-46A9-AAD6-62AEA0FA923A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 

"{0F916AAB-0146-45BB-9F90-E05353C71A4B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{1043BE92-A1BA-4FFB-A593-EF1EF50A7B56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{112BFE27-B88A-499F-B96F-C261C8C908AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{134B205E-5619-4736-A33D-72384219ACF9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"{169FE2E9-A1A9-4695-9B84-242911485369}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 

"{1C4A6667-DAF6-42D0-807F-9F6D25BEC81F}" = protocol=6 | dir=in | app=d:\the elder scrolls v skyrim\steamapps\common\skyrim\skyrimlauncher.exe | 

"{1D9408B3-F504-43F6-BA55-7AA4403E8F7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{1EDC16A7-E855-4751-9808-44DA400AC877}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{29F23642-E484-47CD-8B88-A71FE23BD3F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{31150389-657D-4A3E-BA8F-4C91B277A077}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 

"{3E10EC4D-D219-4989-B18F-472C8DE89024}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4124FB86-1452-4D86-8A7B-410F8768E573}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{46E948B5-A4FC-4421-86D9-B1821D98A7DE}" = protocol=6 | dir=out | app=system | 

"{477E0412-50F9-44FB-900A-46100B5A7004}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 

"{4BFA3BA1-90C0-4B00-B21A-61DEF722BA34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{4C422458-A9BC-45BB-97C5-B1F978186BA0}" = protocol=17 | dir=in | app=c:\users\kecky\appdata\roaming\2yourface\updater.exe | 

"{5302029D-ACED-44F1-B4D7-5CF82856B7BA}" = protocol=17 | dir=in | app=d:\the elder scrolls v skyrim\steamapps\common\skyrim\skyrimlauncher.exe | 

"{55C1E1C1-9B91-4798-ADF9-07A28D8DCFF6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{62AD5D0D-A9AB-44F5-9DCA-0AA8BE6CEAD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{69703DAC-5167-4062-BEC6-F55B4E2C693D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{73E1532B-C011-441E-9E7D-F5F598B08D35}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{7BA77C9F-21E5-4B65-B393-F21B8BAE74E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{854CC4BE-0E33-4606-8171-3E80E9494D0A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{884BA2FE-041B-4728-AAFA-00F3898BC968}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 

"{8962DBE4-9D34-475A-9ACE-FDA8B53121CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{9182A833-859F-47FE-BF66-985EC388C578}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{965D2F90-AB8D-46CD-B965-943D2DFF7A1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9A5FDC38-07B3-462F-9435-3AAB1FEFE7DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A21C6DEF-C86B-4530-87EC-252334FA3A54}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 

"{AAD0A0EF-E86A-462D-9695-9939C99F0AD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{B030928E-333D-4C03-9E35-E1696C9FBD01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{BF55F325-3672-4A60-8E3E-A47FD921F9C6}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 

"{C21ADCCF-9F10-42F4-8600-23F8961FC7AD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{C432E615-D21D-46A6-AA45-17EE7A900EE1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{C4BD0487-D506-4866-842F-58D874F66260}" = protocol=17 | dir=in | app=d:\the elder scrolls v skyrim\steam.exe | 

"{C8B7065B-6312-4E3C-8280-83EC28C3FD0E}" = protocol=17 | dir=in | app=d:\diablooooo\diablo iii\diablo iii.exe | 

"{C9C3F548-36B8-4306-8572-30E725A37314}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{CAA92511-9FDB-484B-8079-351879910F1C}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 

"{CD5AEEA6-14D9-4725-B27C-D7A1DD905E17}" = protocol=6 | dir=in | app=d:\the elder scrolls v skyrim\steam.exe | 

"{D47BF837-FBEB-4918-9B01-2789FAA337B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{DAE44E19-8FBC-4DA5-8982-01654AC5FDB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 

"{E0529AFC-2E7B-4EF3-9BA7-788EEB7D3340}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{E3A3D9D5-7D0D-4753-927C-0E5D2D2818B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{EEEF5903-16D5-4110-A306-7CA1E304E88D}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 

"{F3D9C09C-B3D9-484C-BCDF-6B132DAC143B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{F9DFFD89-72E5-46F4-B61C-22A4EABFD36F}" = protocol=6 | dir=in | app=c:\users\kecky\appdata\roaming\2yourface\updater.exe | 

"{FAD4F571-059F-48BB-B8DC-1581D24523EE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"{FB103DA0-F838-46FB-895D-01EB0E10C742}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{FB927191-9114-4A02-A186-34F93249F8AB}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 

"{FDF8D6E5-1120-4E83-B983-0CDCB573C8DF}" = protocol=6 | dir=in | app=d:\diablooooo\diablo iii\diablo iii.exe | 

"TCP Query User{123E810B-EC72-4EFA-9C14-309DB6768D7B}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 

"TCP Query User{2B82CAEB-E199-4DDF-94F4-FDDD4F7E148D}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 

"TCP Query User{6E4229DA-1AD6-4D77-A656-AA5DD4472E6E}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 

"TCP Query User{7A993C27-A8C0-4E55-88C4-1D78DFBB8025}D:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 

"TCP Query User{8E2E4412-E7D1-4BEC-9E77-0884ED187F74}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 

"TCP Query User{9852667B-A9B0-469B-AD39-F5A8011BBD24}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | 

"TCP Query User{9FA5C62E-CC7B-411D-9544-1F92A1C03EA8}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 

"TCP Query User{AC2431E7-F6B2-4E10-B63E-54E81CB3B143}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"TCP Query User{ACED9FD3-446F-41B6-8A56-FE10C808B886}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 

"TCP Query User{B1927DB4-2CC6-4911-83ED-525550FA9A36}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 

"TCP Query User{B6D1D6CE-1E2E-4746-B78D-1301D068E738}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 

"TCP Query User{BBC66214-8793-4471-988B-65D71328220D}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 

"TCP Query User{E23E6333-EDAF-4FFB-A44F-86FA5B3CE827}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 

"TCP Query User{F6032BE0-5F1C-43EB-AFE1-00DC8E34F9AA}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | 

"UDP Query User{1E8BF838-1E97-4828-808A-4444DE19FF47}D:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 

"UDP Query User{221029D8-5F8D-42E5-8364-0320452D69D3}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 

"UDP Query User{2F07FC19-BAC7-4C91-AB5C-8573B69CE476}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 

"UDP Query User{45EDC978-9C18-403C-94B3-0E2ED8C3A573}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | 

"UDP Query User{54CC63C5-41E5-4A4D-BFB4-BF8CAEE87ED6}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 

"UDP Query User{5F4C353D-7115-4007-B246-F1EB04B285DC}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"UDP Query User{77A1EDD2-8F12-4E08-B4F3-FFB5AB9F8E2E}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 

"UDP Query User{8C541F62-295D-499B-9A0E-E7A9B96310AB}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 

"UDP Query User{C7FB8A7F-7010-4276-A7F9-2999F7D84D67}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 

"UDP Query User{CF5E2D36-D5C7-4A24-A723-EA766911A572}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | 

"UDP Query User{D2F8BDEB-9FFB-4C17-B227-49E2F9131CCC}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 

"UDP Query User{F7DB1FB6-1EF4-4247-B082-099B5F25C777}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 

"UDP Query User{FB399FF7-2AA1-4053-9427-D3EB77E87E0A}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 

"UDP Query User{FEFC9D8F-EC21-4E7F-A4D4-1CDFC90D481D}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety

"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security

"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.29

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.29

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard

"{12e3104b-7dc7-4ad5-9ea7-411d2955904b}" = Nero 9 Essentials

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh

"{40FDC018-23A6-4618-B30A-A8EFCAA22A3D}" = Wildlife Park

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager

"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Asus Vibe2.0" = AsusVibe2.0

"Audacity_is1" = Audacity 2.0.2

"AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0

"Diablo III" = Diablo III

"Fraps" = Fraps

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.426

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.426

"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4

"StarCraft II" = StarCraft II

"Steam App 72850" = The Elder Scrolls V: Skyrim

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.1.3

"WinGimp-2.0_is1" = GIMP 2.6.8

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-Bit)

"World of Warcraft" = World of Warcraft

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 4/30/2013 9:21:59 AM | Computer Name = Kecky-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 5/1/2013 9:34:58 PM | Computer Name = Kecky-PC | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 4/29/2013 3:18:15 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7030

Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.

 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich

 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

 

Error - 4/29/2013 3:20:40 PM | Computer Name = Kecky-PC | Source = Application Popup | ID = 1060

Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys

 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version

 des Treibers zu erhalten.

 

Error - 4/29/2013 3:21:20 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7030

Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.

 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich

 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

 

Error - 5/1/2013 9:43:04 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7030

Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.

 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich

 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

 

Error - 5/1/2013 9:43:35 PM | Computer Name = Kecky-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.149.907.0     Aktualisierungsquelle: %%859
 

        Aktualisierungsphase:

 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803
 

        Benutzer:

 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9402.0     Fehlercode:

 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.

 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie

 unter "Hilfe und Support". 

 

Error - 5/1/2013 9:44:59 PM | Computer Name = Kecky-PC | Source = Application Popup | ID = 1060

Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys

 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version

 des Treibers zu erhalten.

 

Error - 5/1/2013 9:44:59 PM | Computer Name = Kecky-PC | Source = Application Popup | ID = 1060

Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys

 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version

 des Treibers zu erhalten.

 

Error - 5/1/2013 9:45:22 PM | Computer Name = Kecky-PC | Source = Service Control Manager | ID = 7030

Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.

 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich

 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

 

 

< End of report >

Soweit alles in Ordnung? is mein PC nun clean?
Was ich noch sagen wollte :lach:... was liest du aus den logs den genau raus? Ich erkenn zwar meinen Speicher diverse Ordner & Zeitangaben aber dann is auch schon Schluss.
Da merkt man erst wie unwissend man doch ist und in mir kommt son Gefühl hoch und das nervt mich abgrundtief, vllt besuch ich mal einen Kurs und eigne mir die wichtigsten Sachen an.

Zitat:

Zitat von M-K-D-B (Beitrag 1054146)

Gibt es noch Probleme mit Delta-Search?
Wenn ja, in welchem Browser?

1.) Weiß ich jetz nocht nicht, mein Browser funktionierte ja die ganze Zeit ohne laggs und nur anfangs war es so als es noch als (alllalsss, musste sein :lach:) Startseite markiert war hab's ja dann per Systemsteuerung > Delta Search, deinstalliert gehabt und dann waren alle beschwerden weg aber wie heißt es so schön?- Wenn die Symptome weg sind bedeutet das noch lange nicht, dass es auch wirklich weg ist.

Hab nur ein Problem, die Beiträge abschicken brauchen EWIGKEITEN fast 2min bis die Änderungen gespeichert sind der Rest Google aufmachen, downloadn, Vids angucken geht wie gewohnt schnell

2.) Ich benutze nur Firefox

Achja ehm hab mal bei Microsoft Security Essentials geguckt und unter Verlauf was gefunden vllt ist das ja von Bedeutung?

AdwareWin32/OpenCandy - Warnstufe: Mittel

Hatte das Ding total vergessen, hoffe es ist nichts schädliches?

mfg eastpak24

Servus,

Zitat:

Zitat von eastpak24 (Beitrag 1055052)

Hat aufjedenfall alles geklappt, einzigste Änderung ist das ich die Combofix.txt lieber auf den Desktop abgespeichert hab, denn ich hatte doch auf C:\ComboFix.txt schon dieselbe ? oder überpeichert das automatisch?

ComboFix gib dem alten Logfile eine andere Bezeichnung und bezeichnet das neue automatisch dann mit combofix.txt. Du hättest es also nicht auf dem Desktop speichern müssen, aber egal. ;)

Zitat:

Zitat von eastpak24 (Beitrag 1055052)

Einen kleinen Rest sehe ich noch. Den entfernen wir noch schnell und kontrollieren nochmal alles. ;)

Zitat:

Zitat von eastpak24 (Beitrag 1055052)

Richtig erkannt. Wir haben es bald geschafft. :)

Zitat:

Zitat von eastpak24 (Beitrag 1055052)

Hab nur ein Problem, die Beiträge abschicken brauchen EWIGKEITEN fast 2min bis die Änderungen gespeichert sind der Rest Google aufmachen, downloadn, Vids angucken geht wie gewohnt schnell

Es kann schon mal sein, dass das Forum etwas überlastet ist. :)

Zitat:

Zitat von eastpak24 (Beitrag 1055052)

Achja ehm hab mal bei Microsoft Security Essentials geguckt und unter Verlauf was gefunden vllt ist das ja von Bedeutung?

AdwareWin32/OpenCandy - Warnstufe: Mittel

Hatte das Ding total vergessen, hoffe es ist nichts schädliches?

Ist nichts Schlimmes, sollte mittlerweile auch entfernt sein.

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:OTL

O4 - Startup: C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk =  File not found
 

:files

C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk
 

:Commands

[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Sers Matthias,

ESET Online Scanner löschen? FRAGE wieso? vertrauste dem Zeug nicht? :lach:
Ich denk mal das der Scanner von vielen GameGuard's als Bedrohung erkannt wird? und man Account bann verdonnert bekommt?
Darauf hab ich natürlich noch eine Frage und zwar soll ich Adwcleaner, ComboFix, JRT, Defogger, OTL SecurityCheck & Malwarebyte komplett wieder löschen? oder wird das nicht als Bedrohung erkannt "nur" der Eset Scanner? (falls meine Theorie überhaupt stimmen sollte)

ESET hat fast 2Std gebraucht :eek:, liegt bestimmt an dem zu vollem Speicher?

-kurz noch zu ESET weil ich da was nich gepeilt hab

Schließe das Fenster von ESET.

Explorer öffnen.

??Wieso Explorer öffnen :wtf: versteh ich nicht :confused:, hab einfach die beiden Schritte übersprungen.

Hier die OTL
C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt

Code:

All processes killed

========== OTL ==========

C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk moved successfully.

========== FILES ==========

File\Folder C:\Users\Kecky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Kecky

->Temp folder emptied: 483134 bytes

->Temporary Internet Files folder emptied: 5983458 bytes

->FireFox cache emptied: 75322252 bytes

->Flash cache emptied: 33973 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Users

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5336 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 78.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 05022013_131018
 

Files\Folders moved on Reboot...

C:\Users\Kecky\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Was ich an dem Punkt noch kurz anmerken will der Name der txt von OTL is dieselbe.
Also hab 1x txt und 1x Ordner mit dem selben Namen in dem Ordner hier
C:\_OTL\MovedFiles\ (MovedFiles)

Malewarebyte.txt

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.05.02.02
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

Kecky :: KECKY-PC [Administrator]
 

Schutz: Aktiviert
 

02.05.2013 13:26:01

mbam-log-2013-05-02 (13-26-01).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 224905

Laufzeit: 1 Minute(n), 42 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

ESET Online Scanner.txt

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=06fc072cefb7ce42b061b317f239925f

# engine=13739

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-05-02 01:02:54

# local_time=2013-05-02 03:02:54 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 15896231 119129624 0 0

# scanned=239245

# found=0

# cleaned=0

# scan_time=4707

Yippie gleich geschafft :daumenhoc

Security-checkup.txt

Code:

 Results of screen317's Security Check version 0.99.62  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 9  
 ``````````````Antivirus/Firewall Check:`````````````` 

Trend Micro Titanium Internet Security   

Microsoft Security Essentials            

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Sophos Anti-Rootkit 1.5.4   

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Flash Player 11.6.602.180  

 Mozilla Firefox (20.0.1) 
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 Trend Micro Titanium TiMiniService.exe  

 Trend Micro Titanium TiResumeSrv.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

So hoffe ist jetz endlich bereinigt

mfg eastpak24

Servus,

Zitat:

ESET Online Scanner löschen? FRAGE wieso? vertrauste dem Zeug nicht?

Wieso behalten? Würde ich ESET nicht vertrauen, hätte ich den Scan nicht angewiesen.

Zitat:

Ich denk mal das der Scanner von vielen GameGuard's als Bedrohung erkannt wird? und man Account bann verdonnert bekommt?

Wieso sollte ESET als Bedrohung erkannt werden? Wird ja immer lustiger, was du dir hier zusammenreimst... :rofl:

Zitat:

Darauf hab ich natürlich noch eine Frage und zwar soll ich Adwcleaner, ComboFix, JRT, Defogger, OTL SecurityCheck & Malwarebyte komplett wieder löschen? oder wird das nicht als Bedrohung erkannt "nur" der Eset Scanner? (falls meine Theorie überhaupt stimmen sollte)

Lies dir bitte meine "Hinweise" in meiner ersten Antwort durch. Dort wird genau das Thema angesprochen. ;)

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast:

Code:

Trend Micro Titanium Internet Security  

Microsoft Security Essentials

Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Programme deinstallieren / Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:

Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."

Schritt 2

Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
Suche in der Liste Software mit dem folgenden Namen
- Adobe Flash Player 10
und deinstalliere das Programm.
Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.

Schritt 3
Deine Version von Adobe Flash Player ist veraltet.
Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:

Bitte besuche diese Seite von Adobe.
Wähle dein Betriebssystem und deinen Internetbrowser ("Internet Explorer" oder "other" für Firefox zum Beispiel)
Deaktiviere gegebenenfalls den Haken vor Google Chrome bzw. McAfee Security Scan.
Installiere die neuste Version auf deinem Computer.

Schritt 4
Sofern verwendet, starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.

Schritt 5
Downloade dir bitte delfix auf deinen Desktop.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.
DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
Sollten noch Programme, die wir verwendet haben, vorhanden sein, so lösche diese bitte per Hand.

Schritt 6
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
WOT (Web of trust)
Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein paar ( englische ) Links:
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Sers

Hab mich für Microsoft Security Essentials entschieden, Trend Micro Titanium Internet Security war zwar von anfang an auf dem Pc aber war nur eine Demo Version es sei den du empfiehlst mir bessere Anti-Virus-Programme, kenn mich mit dem Zeug ja wie schon öfter's erwähnt nicht aus, wäre nett wenn du was empfehlen könntest.

Zitat:

OK so hab ich das ganze noch nicht betrachtet.
War dauernd der Meinung umso mehr umso besser.
Nehmen wir nochmal das beispiel mit dem Torwart, stell dir vor in einem Tor stehen 20 Torhüter, na? wie will da ein Ball durch, der prallt doch sauber ab die müssen sich noch nicht mal bewegen/konzentriern :lach:

Jetz erkennst du vllt auch mein Problem und wieso mein Speicher so voll ist, kann mich einfach schlecht davon trennen war auch kurz vorm durchdrehn als ich die Tools die wir die letzen 2 Seiten benutzt haben entfernen musste, ich denk immer so OHA geiles Programm muss ich aufjedenfall behalten weil es mir weiterhilft, und schaden kann es ja nicht :crazy:

Hab 2 Sachen gefunden.

Windows-Defender (überwacht Spyware und andere eventuelle unerwünschte Software)

Sophos-Anti-Rootkit (ist mir entfallen wozu/warum/wieso ich das habe)

Hab die 2 Sachen aufjedenfall empfohlen bekommen und deshalb mir gezogen, vllt kannst du mir dazu ja mehr erzähln?

Hab mir eben auch WOT gezogen aber nicht von dort wo ich's sollte, sondern von der offizielen Mozilla Seite wo auch die anderen beiden Addons zu finden waren.
Die Seite die du mir empfohlen hast war mir..mir, wie soll ich sagen bissl komisch hab auf download gedrückt dann kam oben in der leiste Firefox blockiert bla und das ich es "Erlauben" soll > meine Reaktion erstmal das Face hier :wtf: und dann sofort X gedrückt :lach:

ich wurde auf die Seite www.mywot.com oder so hieß das umgeleitet

Zitat:

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein paar ( englische ) Links:
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Dein Zweiter Link funktioniert nicht - Page 404 not found

Würde noch gern mehr schreiben aber diese Browser-Addons lassn mich gleich vor Wut explodiern kann nur 3 Smileys und nicht Fett schreiben wird alles geblockt :daumenrunter:

bevor ich mich verabschiede VIELEN VIELEN DANK für deine mühen + Geduld ich glaub bin jetz um einiges schlauer (nehm ich an :lach:)

*Edit

Zitat:

Zitat von M-K-D-B (Beitrag 1054146)

Servus,
DeltaSearch ist an sich nicht gefährlich, aber einfach nur lästig. Es ist ein Browser Hijacker, verändert Startseiten. Zudem tritt es oft zusammen mit anderer unerwünschter Software oder Adware auf. :)

verändert das nur meine eigene Startseite oder komplett alle Startseiten die im Web zu finden sind? z.b. facebook

Hab dir PM geschrieben hoffe du hast die bekommen, ka bugt wegen den Addon's 5x abschicken gedrückt un nix hat sich getan

mfg eastpak24

Servus,

Zitat: