hypercraft | 30.05.2013 15:26 | Hello Leo,
Thank you very much for the quick reply and for helping me.
First of all: I ran another scan with Malwarebytes; I'll post the log file along with this. I now have 15 files in my quarantine folder.
Malwarebytes log:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.30.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Valet :: VALET-PC [Administrator]
Schutz: Aktiviert
30.05.2013 15:40:26
2013 Log.txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233179
Laufzeit: 2 Minute(n), 30 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: c:\users\valet\dxynbfvp.exe -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Valet\dxnckp.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\Valet\dxuiedevy.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
(Ende)
Defogger log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:02 on 30/05/2013 (Valet)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
GMER log:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-30 16:10:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000004d SAMSUNG_ rev.1AJ1 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Valet\AppData\Local\Temp\fgloypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3732] entry point in ".rdata" section 00000000735f71e6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007788f991 7 bytes {MOV EDX, 0xe2ea28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007788fbd5 7 bytes {MOV EDX, 0xe2ea68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007788fc05 7 bytes {MOV EDX, 0xe2e9a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007788fc1d 7 bytes {MOV EDX, 0xe2e928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007788fc35 7 bytes {MOV EDX, 0xe2eb28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007788fc65 7 bytes {MOV EDX, 0xe2eb68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007788fce5 7 bytes {MOV EDX, 0xe2eae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007788fcfd 7 bytes {MOV EDX, 0xe2eaa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007788fd49 7 bytes {MOV EDX, 0xe2e868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007788fe41 7 bytes {MOV EDX, 0xe2e8a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077890099 7 bytes {MOV EDX, 0xe2e828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778910a5 7 bytes {MOV EDX, 0xe2e9e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007789111d 7 bytes {MOV EDX, 0xe2e968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077891321 7 bytes {MOV EDX, 0xe2e8e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007788f991 7 bytes {MOV EDX, 0xeb0628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007788fbd5 7 bytes {MOV EDX, 0xeb0668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007788fc05 7 bytes {MOV EDX, 0xeb05a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007788fc1d 7 bytes {MOV EDX, 0xeb0528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007788fc35 7 bytes {MOV EDX, 0xeb0728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007788fc65 7 bytes {MOV EDX, 0xeb0768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007788fce5 7 bytes {MOV EDX, 0xeb06e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007788fcfd 7 bytes {MOV EDX, 0xeb06a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007788fd49 7 bytes {MOV EDX, 0xeb0468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007788fe41 7 bytes {MOV EDX, 0xeb04a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077890099 7 bytes {MOV EDX, 0xeb0428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778910a5 7 bytes {MOV EDX, 0xeb05e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007789111d 7 bytes {MOV EDX, 0xeb0568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077891321 7 bytes {MOV EDX, 0xeb04e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007788f991 7 bytes {MOV EDX, 0xef2a28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007788fbd5 7 bytes {MOV EDX, 0xef2a68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007788fc05 7 bytes {MOV EDX, 0xef29a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007788fc1d 7 bytes {MOV EDX, 0xef2928; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007788fc35 7 bytes {MOV EDX, 0xef2b28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007788fc65 7 bytes {MOV EDX, 0xef2b68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007788fce5 7 bytes {MOV EDX, 0xef2ae8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007788fcfd 7 bytes {MOV EDX, 0xef2aa8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007788fd49 7 bytes {MOV EDX, 0xef2868; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007788fe41 7 bytes {MOV EDX, 0xef28a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077890099 7 bytes {MOV EDX, 0xef2828; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778910a5 7 bytes {MOV EDX, 0xef29e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007789111d 7 bytes {MOV EDX, 0xef2968; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077891321 7 bytes {MOV EDX, 0xef28e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007788f991 7 bytes {MOV EDX, 0x5e4628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007788fbd5 7 bytes {MOV EDX, 0x5e4668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007788fc05 7 bytes {MOV EDX, 0x5e45a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007788fc1d 7 bytes {MOV EDX, 0x5e4528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007788fc35 7 bytes {MOV EDX, 0x5e4728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007788fc65 7 bytes {MOV EDX, 0x5e4768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007788fce5 7 bytes {MOV EDX, 0x5e46e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007788fcfd 7 bytes {MOV EDX, 0x5e46a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007788fd49 7 bytes {MOV EDX, 0x5e4468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007788fe41 7 bytes {MOV EDX, 0x5e44a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077890099 7 bytes {MOV EDX, 0x5e4428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000778910a5 7 bytes {MOV EDX, 0x5e45e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007789111d 7 bytes {MOV EDX, 0x5e4568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077891321 7 bytes {MOV EDX, 0x5e44e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076461465 2 bytes [46, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764614bb 2 bytes [46, 76]
.text ... * 2
---- EOF - GMER 2.1 ----
OTL log:
OTL logfile created on: 30.05.2013 16:13:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Valet\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,35% Memory free
7,99 Gb Paging File | 6,44 Gb Available in Paging File | 80,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 381,06 Gb Free Space | 81,83% Space Free | Partition Type: NTFS
Drive I: | 465,64 Gb Total Space | 333,68 Gb Free Space | 71,66% Space Free | Partition Type: FAT32
Computer Name: VALET-PC | User Name: Valet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.30 16:11:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Valet\Downloads\OTL.exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.03.20 12:55:48 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
========== Modules (No Company Name) ==========
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV - [2013.05.27 18:38:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 19:23:46 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.02 16:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.28 03:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.28 03:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F AE 16 40 82 99 CD 01 [binary data]
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\..\SearchScopes\{ACD77D14-9B14-49FD-A878-2ADE47F1ABB3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.04.23 19:56:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valet\AppData\Roaming\mozilla\Extensions
[2013.05.27 18:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.27 18:38:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Valet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.552_0\npbrowserext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Valet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Valet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Valet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Valet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000..\Run: [GPL Ghostscript] C:\Users\Valet\AppData\Roaming\uadwejjg\gicusbwr.exe File not found
O4 - HKU\S-1-5-21-1730227814-2741885819-3601587449-1000..\Run: [hlpthlp] "C:\Users\Valet\AppData\Roaming\hlpthlp.exe" -autorun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Valet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D9EFAFB-5FD8-4F2D-8E25-377D79ECA1D2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28ec5350-0582-11e2-a60a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28ec5350-0582-11e2-a60a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{506accba-056b-11e2-a9f3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{506accba-056b-11e2-a9f3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.30 15:32:23 | 000,000,000 | ---D | C] -- C:\Users\Valet\Desktop\Bilder Ibiza
[2013.05.27 18:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.15 21:45:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 21:45:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 21:45:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 21:45:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 21:45:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 21:45:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 21:45:07 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 21:45:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 21:45:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 21:45:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 21:45:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 21:45:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 21:45:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 21:45:05 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 21:45:05 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 13:41:41 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 13:41:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 13:41:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 13:41:02 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 13:41:02 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 13:41:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 13:41:02 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.10 09:33:59 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.10 09:33:59 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.10 09:33:59 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.10 09:33:59 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.10 09:33:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.10 09:33:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.10 09:33:59 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.10 09:33:59 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.10 09:33:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.10 09:33:58 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.10 09:33:58 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.10 09:33:58 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.10 09:33:58 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.10 09:33:58 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.10 09:33:58 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.10 09:33:58 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.10 09:33:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.10 09:33:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.10 09:33:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.10 09:33:58 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.10 09:33:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.10 09:33:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.10 09:33:57 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.10 09:33:57 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.10 09:33:57 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.10 09:33:57 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.10 09:33:57 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.10 09:33:57 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.10 09:33:57 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.10 09:33:57 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.10 09:33:57 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.10 09:33:57 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.10 09:33:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.10 09:33:57 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.10 09:33:57 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.10 09:33:57 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.10 09:33:57 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.10 09:33:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.10 09:33:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.10 09:33:56 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.10 09:33:56 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.10 09:33:56 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.10 09:33:56 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.10 09:33:56 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.10 09:33:56 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.10 09:33:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.10 09:33:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.10 09:33:56 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.10 09:33:56 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.10 09:33:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.10 09:33:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.10 09:33:56 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.10 09:33:56 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.04 13:18:43 | 000,000,000 | ---D | C] -- C:\Users\Valet\Desktop\Fenster
[2013.05.04 13:14:26 | 000,000,000 | ---D | C] -- C:\Users\Valet\AppData\Local\PDF24
[2013.05.04 13:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
[2013.05.04 13:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013.05.04 13:03:20 | 000,000,000 | R--D | C] -- C:\Users\Valet\Documents\Scanned Documents
[2013.05.04 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\Valet\Documents\Fax
========== Files - Modified Within 30 Days ==========
[2013.05.30 16:05:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 16:05:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 16:02:29 | 003,268,992 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.30 16:02:29 | 001,379,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.30 16:02:29 | 000,940,726 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.30 16:02:29 | 000,835,116 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.30 16:02:29 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.30 16:02:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.30 16:01:21 | 000,000,000 | ---- | M] () -- C:\Users\Valet\defogger_reenable
[2013.05.30 15:58:22 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.30 15:58:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.30 15:58:05 | 3219,775,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.29 21:38:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 19:23:46 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.16 19:23:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.16 18:16:43 | 000,294,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 22:46:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.12 22:44:01 | 000,628,743 | ---- | M] () -- C:\Users\Valet\Desktop\adwcleaner.exe
[2013.05.10 09:33:59 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.10 09:33:59 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.10 09:33:59 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.10 09:33:59 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.10 09:33:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.10 09:33:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.10 09:33:59 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.10 09:33:59 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.10 09:33:59 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.10 09:33:58 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.10 09:33:58 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.10 09:33:58 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.10 09:33:58 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.10 09:33:58 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.10 09:33:58 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.10 09:33:58 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.10 09:33:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.10 09:33:58 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.10 09:33:58 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.10 09:33:58 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.10 09:33:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.10 09:33:58 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.10 09:33:57 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.10 09:33:57 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.10 09:33:57 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.10 09:33:57 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.10 09:33:57 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.10 09:33:57 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.10 09:33:57 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.10 09:33:57 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.10 09:33:57 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.10 09:33:57 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.10 09:33:57 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.10 09:33:57 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.10 09:33:57 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.10 09:33:57 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.10 09:33:57 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.10 09:33:57 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.10 09:33:57 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.10 09:33:56 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.10 09:33:56 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.10 09:33:56 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.10 09:33:56 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.10 09:33:56 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.10 09:33:56 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.10 09:33:56 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.10 09:33:56 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.10 09:33:56 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.10 09:33:56 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.10 09:33:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.10 09:33:56 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.10 09:33:56 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.10 09:33:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.10 09:33:56 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.10 09:33:56 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.04 13:14:06 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
========== Files Created - No Company Name ==========
[2013.05.30 16:01:21 | 000,000,000 | ---- | C] () -- C:\Users\Valet\defogger_reenable
[2013.05.12 22:43:50 | 000,628,743 | ---- | C] () -- C:\Users\Valet\Desktop\adwcleaner.exe
[2013.05.10 09:33:57 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.10 09:33:57 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.04 13:14:06 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.09.23 17:44:51 | 000,000,040 | ---- | C] () -- C:\Users\Valet\AppData\Roaming\burnaware.ini
[2012.09.23 14:23:32 | 000,189,465 | ---- | C] () -- C:\Users\Valet\ESt2011_BAISCH-VALET_ANDREAS_und_VALET_FRIEDERIKE.elfo
[2012.09.23 14:23:32 | 000,000,217 | ---- | C] () -- C:\Users\Valet\GMX - E-Mail, FreeMail, De-Mail, Themen- & Shopping-Portal - kostenlos.url
[2012.09.23 13:56:47 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Extras log from OTL:
OTL Extras logfile created on: 30.05.2013 16:13:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Valet\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,35% Memory free
7,99 Gb Paging File | 6,44 Gb Available in Paging File | 80,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 381,06 Gb Free Space | 81,83% Space Free | Partition Type: NTFS
Drive I: | 465,64 Gb Total Space | 333,68 Gb Free Space | 71,66% Space Free | Partition Type: FAT32
Computer Name: VALET-PC | User Name: Valet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1730227814-2741885819-3601587449-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C63BF1-0535-4AB4-9517-390BEBA41C94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0EE9C125-082A-4979-B6E8-19579C2B4256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19F4DE12-6947-4413-9DC5-7549CC1D3B8A}" = rport=445 | protocol=6 | dir=out | app=system |
"{1E271002-15C8-4025-9804-E99D351BEFEB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E299B31-B1DE-4E6F-A911-3AABD71FF099}" = rport=139 | protocol=6 | dir=out | app=system |
"{42475660-A330-4100-B82D-E16D4BF1E412}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F03D4C9-99BB-4D59-8A19-9A0E20885D8B}" = lport=137 | protocol=17 | dir=in | app=system |
"{4F3AD6D4-83BA-4FE7-9D55-4E3D97825DE9}" = rport=137 | protocol=17 | dir=out | app=system |
"{51A593A6-E7FB-4137-A6F6-6A449043B3FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5E2A7C72-8248-4195-9F9B-9947307C4A48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{622A279F-9E9D-4CCF-A2AA-244244A58419}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63A8D520-C1E2-4B1A-A5EC-334816C3482A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{65AA3072-1823-4138-96FD-1587355258BF}" = rport=138 | protocol=17 | dir=out | app=system |
"{76E15477-0C92-43D8-AAD4-7635808D4B8C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80BE778E-F668-4F57-BEEB-DD55F2BE59D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{9482A8DD-0F3A-447C-B617-02132EAC4991}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D1CBE74-DBA4-4645-8952-E46695D803BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2D531D8-CCD5-4CF2-B2FF-6ABC301BA196}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFB166C3-7B8B-43FA-A3DD-5F7595A2E0F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{B4799945-43C1-4727-9843-18DC06A28418}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C33DBDE2-4D37-49F3-B253-EF2D459287F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D461C409-7221-47E1-836D-119A0F509958}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EC93DF0B-4FDF-4294-976D-0A1AA2D0E583}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0067C90A-B02B-48FA-88FB-9D31E94990FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{02E8AA0F-53B3-4207-AFEF-C602ECE8714E}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{0EC1A3CA-5BAD-46C5-871A-7F45E80C2168}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1BA79956-DD84-47B1-B9A5-FCBE1320C572}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2311D22D-90CE-4634-8E0C-4C11C4F8D9B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{23CBBE0A-6B7B-4111-AEC6-B475B39277D3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{29110477-55EC-41AF-8257-2B0EFDAFF306}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2F29EA1C-AF32-4468-A150-3B9AAF37C3CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{38BDAACB-BF6F-4AE9-9A55-FD89D6FAE633}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40E39784-EF6F-44E6-B911-86F26B16824F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{495F76A5-0347-4333-ACE8-640B8FF422DB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A732E49-44E6-4695-B92A-704C032C350A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C22238B-BB78-41CD-9989-83C671B43CF1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{509FC461-7F70-4AF4-A870-800D059E1786}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{518D0EC2-59B0-42E1-8096-E40D627750A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5481A243-9A5F-4123-8BCE-3B2802A9FAF2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{59C262BE-E99A-441F-82F6-7E91D6FA0BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{60D551F1-8472-46BD-AD49-6B8B211F5681}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6116D613-85C0-4D72-A1BE-8978E11523BA}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{644D0A9C-9C7F-4613-8708-B41157A23DB5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{66AAC86D-D9B2-4ECE-822B-47ADF57C71CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{790B70CB-0425-48F7-BE57-0A51C8DFCE54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8235FE5A-FD1F-44F0-8142-7392B3A50A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8B5C573E-8BB0-4AA0-8BA3-813944406912}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A62B8058-EEF0-4B35-B90B-6944BE3BF967}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{A92F06CE-627F-48BB-8508-65F8F44BA10F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B0FC1F69-BAE9-47FA-99C8-0773059417B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B153F7FF-DB16-4E5C-96FB-51BB9478123E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B6EFE770-0DC6-4AA6-AEDA-7E88590CE173}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C0D853DE-C642-4179-805A-37340F9B608A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C33780E3-8ACF-40A6-A235-DD7F94442C8A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1C9321E-6719-490E-A3F7-F541CD6FDFDE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E58504A4-65D9-444B-AF37-BBD3B805ADCA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB02154D-A285-4F18-B080-879CB290E4B8}" = protocol=6 | dir=out | app=system |
"{EBE3E784-5424-413F-BE72-B61A38E32F3F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{EE3AC669-4D6F-4456-A434-0E09DEBE0488}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"TCP Query User{0A37DDAB-EF31-4D0A-9B88-9E9DBB8C4850}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{9156B0EC-EF18-4671-8C18-33380E0A9C7C}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{E3032192-AB8C-4FC4-AD53-02F2C680B9AF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{0EDB5277-5984-4667-8D6D-9E9EB606A545}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{B58D233F-FAD6-483B-90CC-4828574726AB}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{C616408C-9D1F-4EAE-ADF8-4148F1B9D832}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"4Story_DE_is1" = 4Story DE 4.1.176
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bridge Builder" = Bridge Builder
"BurnAware Free_is1" = BurnAware Free 5.1
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.05.2013 13:24:50 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 30.05.2013 09:30:02 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 30.05.2013 09:30:02 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 30.05.2013 09:30:02 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 30.05.2013 09:33:12 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 30.05.2013 09:33:12 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 30.05.2013 09:33:12 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 30.05.2013 10:02:26 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 30.05.2013 10:02:26 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 30.05.2013 10:02:26 | Computer Name = Valet-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
[ System Events ]
Error - 13.04.2013 08:14:52 | Computer Name = Valet-PC | Source = bowser | ID = 8003
Description =
Error - 13.04.2013 10:03:02 | Computer Name = Valet-PC | Source = bowser | ID = 8003
Description =
Error - 13.04.2013 12:45:17 | Computer Name = Valet-PC | Source = bowser | ID = 8003
Description =
Error - 14.04.2013 14:05:41 | Computer Name = Valet-PC | Source = bowser | ID = 8003
Description =
Error - 15.04.2013 02:03:49 | Computer Name = Valet-PC | Source = bowser | ID = 8003
Description =
Error - 15.04.2013 15:02:02 | Computer Name = Valet-PC | Source = bowser | ID = 8003
Description =
Error - 27.04.2013 06:44:29 | Computer Name = Valet-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 09.05.2013 16:30:40 | Computer Name = Valet-PC | Source = DCOM | ID = 10010
Description =
Error - 15.05.2013 15:31:42 | Computer Name = Valet-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 15.05.2013 15:32:12 | Computer Name = Valet-PC | Source = DCOM | ID = 10010
Description =
< End of report >

Best regards,
hypercraft