Trojan Win32/Bumat!rts

#0
02.06.2012, 12:14
Moderator
Posts: 5694

06.06.2012, 03:14
...new here
Posts: 2
#17
OTL logfile created on: 06.06.2012 02:31:09 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Icy\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 49,65% Memory free 8,20 Gb Paging File | 6,13 Gb Available in Paging File | 74,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,23 Gb Total Space | 412,42 Gb Free Space | 70,83% Space Free | Partition Type: NTFS Drive D: | 13,94 Gb Total Space | 1,61 Gb Free Space | 11,58% Space Free | Partition Type: NTFS Computer Name: DELUXE | User Name: Icy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ========== PRC - [2012.06.01 15:46:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Icy\Desktop\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.07.01 13:49:26 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2008.12.15 16:15:42 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008.12.15 16:15:16 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008.11.28 18:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008.11.20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2008.11.03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2008.11.03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2009.04.22 22:53:22 | 000,267,656 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll MOD - [2009.04.22 22:53:22 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll MOD - [2009.04.22 22:53:22 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll MOD - [2009.04.22 22:53:20 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll MOD - [2008.12.15 16:15:44 | 000,881,960 | ---- | M] () -- C:\Program Files 
(x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.12.03 20:14:18 | 000,034,088 | ---- | M] () -- c:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - [2009.01.16 00:27:00 | 000,949,248 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV:64bit: - [2008.01.21 04:51:33 | 000,067,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2008.01.21 04:48:26 | 000,088,064 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2008.01.21 04:48:03 | 000,342,016 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV - [2012.05.03 15:35:27 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.10.29 15:25:50 | 
002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.04.13 16:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP) SRV - [2011.01.12 16:24:12 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS) SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.30 06:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008.11.03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - 
[2008.01.21 04:49:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.17 07:59:46 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF) DRV:64bit: - [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd) DRV:64bit: - [2011.05.05 15:40:38 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.11.18 20:25:59 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggsemc.sys -- (ggsemc) DRV:64bit: - [2010.11.18 20:25:59 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggflt.sys -- (ggflt) DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- 
C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI) DRV:64bit: - [2010.06.09 18:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2) DRV:64bit: - [2010.06.09 18:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (KL1) DRV:64bit: - [2010.04.22 20:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6) DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.04.11 06:54:21 | 000,299,008 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\udfs.sys -- (udfs) DRV:64bit: - [2009.01.16 01:47:22 | 005,173,248 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2008.12.04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor) DRV:64bit: - [2008.10.21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV:64bit: - [2008.08.06 18:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2008.01.21 04:47:28 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ipmidrv.sys -- (IPMIDRV) DRV:64bit: - [2008.01.21 04:47:28 | 000,035,896 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\i2omp.sys -- (i2omp) DRV:64bit: - [2008.01.21 04:47:27 | 000,185,912 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320) DRV:64bit: - [2008.01.21 04:47:27 | 000,024,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd) DRV:64bit: - [2008.01.21 04:47:26 | 000,128,056 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio) DRV:64bit: - [2008.01.21 04:47:26 | 000,078,392 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4) DRV:64bit: - [2008.01.21 04:47:25 | 000,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid) DRV:64bit: - [2008.01.21 04:47:25 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\fdc.sys -- (fdc) DRV:64bit: - [2008.01.21 04:47:04 | 000,113,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm) DRV:64bit: - [2008.01.21 04:47:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive) DRV:64bit: - [2008.01.21 04:47:03 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass) DRV:64bit: - [2008.01.21 04:47:01 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV:64bit: - [2008.01.21 04:47:00 | 000,091,192 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas) DRV:64bit: - [2008.01.21 04:47:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk) DRV:64bit: - [2008.01.21 04:46:59 | 000,397,368 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor) DRV:64bit: - [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastorv.sys -- (iaStorV) DRV:64bit: - [2008.01.21 04:46:59 | 000,047,672 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hpcisss.sys -- (HpCISSs) DRV:64bit: - [2008.01.21 04:46:59 | 000,035,896 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas) DRV:64bit: - [2008.01.21 04:46:59 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse) DRV:64bit: - [2008.01.21 04:46:56 | 000,438,328 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasr.sys -- (MegaSR) DRV:64bit: - [2008.01.21 04:46:56 | 000,284,728 | ---- | M] (ULi Electronics Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\uliahci.sys -- (uliahci) DRV:64bit: - [2008.01.21 04:46:56 | 000,105,016 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS) DRV:64bit: - [2008.01.21 04:46:56 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2) DRV:64bit: - [2008.01.21 04:46:55 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\flpydisk.sys -- (flpydisk) DRV:64bit: - [2008.01.21 04:46:54 | 000,342,584 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci) DRV:64bit: - [2008.01.21 04:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid) DRV:64bit: - [2008.01.21 04:46:54 | 000,126,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu160m.sys -- (adpu160m) DRV:64bit: - [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor) DRV:64bit: - [2008.01.21 04:46:53 | 000,486,456 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx) DRV:64bit: - [2008.01.21 04:46:52 | 001,221,176 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300) DRV:64bit: - [2008.01.21 04:46:52 | 000,174,696 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata2.sys -- (ulsata2) DRV:64bit: - [2008.01.21 04:46:52 | 000,090,680 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc) DRV:64bit: - [2008.01.21 04:46:51 | 000,314,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (rdpdr) DRV:64bit: - [2008.01.21 04:46:51 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC) DRV:64bit: - [2008.01.21 04:46:51 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8) DRV:64bit: - [2008.01.21 04:46:51 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor) DRV:64bit: - [2008.01.21 04:46:51 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp) DRV:64bit: - [2008.01.21 04:46:50 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci) DRV:64bit: - [2008.01.21 04:46:50 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt) DRV:64bit: - [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi) DRV:64bit: - [2008.01.21 04:46:50 | 000,019,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide) DRV:64bit: - [2008.01.21 04:46:50 | 000,018,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide) DRV:64bit: - [2008.01.21 04:46:50 | 000,018,024 | ---- | M] (CMD Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide) DRV:64bit: - [2008.01.21 04:46:50 | 000,015,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide) DRV:64bit: - [2008.01.21 04:46:50 | 000,015,976 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide) DRV:64bit: - [2008.01.21 04:46:50 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi) DRV:64bit: - [2008.01.21 04:46:50 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide) DRV:64bit: - [2008.01.21 04:46:50 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev) DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri) DRV:64bit: - [2007.12.10 15:22:10 | 000,144,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) DRV:64bit: - [2007.12.10 15:22:06 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017obex.sys -- (s3017obex) DRV:64bit: - [2007.12.10 15:22:04 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) DRV:64bit: - [2007.12.10 15:22:02 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) 
DRV:64bit: - [2007.12.10 15:22:00 | 000,146,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mdm.sys -- (s3017mdm) DRV:64bit: - [2007.12.10 15:22:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017mdfl.sys -- (s3017mdfl) DRV:64bit: - [2007.12.10 15:21:56 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM) DRV:64bit: - [2007.11.23 18:01:28 | 000,272,640 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\etFilter64.sys -- (FiltUSBET) DRV:64bit: - [2007.10.12 12:54:18 | 000,531,712 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\etDevice64.sys -- (DCamUSBET) DRV:64bit: - [2007.09.07 16:24:00 | 000,009,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\etScan64.sys -- (ScanUSBET) DRV:64bit: - [2006.11.02 14:03:03 | 000,051,816 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960) DRV:64bit: - [2006.11.02 14:02:52 | 000,049,256 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\symc8xx.sys -- (Symc8xx) DRV:64bit: - [2006.11.02 14:02:47 | 000,048,232 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_u3.sys -- (Sym_u3) DRV:64bit: - [2006.11.02 14:02:39 | 000,044,648 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp) DRV:64bit: - [2006.11.02 14:02:37 | 000,044,648 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_hi.sys -- (Sym_hi) DRV:64bit: - [2006.11.02 14:02:24 | 000,039,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | 
Stopped] -- C:\Windows\SysNative\drivers\mraid35x.sys -- (Mraid35x) DRV:64bit: - [2006.11.02 14:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteraid.sys -- (iteraid) DRV:64bit: - [2006.11.02 14:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteatapi.sys -- (iteatapi) DRV:64bit: - [2006.11.02 13:51:30 | 000,203,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia) DRV:64bit: - [2006.11.02 13:50:54 | 000,148,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata.sys -- (UlSata) DRV:64bit: - [2006.11.02 13:50:27 | 000,124,008 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx) DRV:64bit: - [2006.11.02 13:50:06 | 000,090,216 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port) DRV:64bit: - [2006.11.02 13:50:06 | 000,088,168 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\djsvs.sys -- (aic78xx) DRV:64bit: - [2006.11.02 11:44:02 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM) DRV:64bit: - [2006.11.02 11:44:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth) DRV:64bit: - [2006.11.02 11:43:46 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR) DRV:64bit: - [2006.11.02 11:43:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci) DRV:64bit: - [2006.11.02 11:43:36 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr) DRV:64bit: - [2006.11.02 11:40:24 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen) DRV:64bit: - [2006.11.02 11:38:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy) DRV:64bit: - [2006.11.02 11:37:57 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport) DRV:64bit: - [2006.11.02 10:43:25 | 000,086,528 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV:64bit: - [2006.09.18 23:30:18 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserwdm.sys -- (BrSerWdm) DRV:64bit: - [2006.09.18 23:30:18 | 000,014,976 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2008.11.28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/29 12:22:50] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2008.11.05 01:34:10 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000}) DRV - [2007.10.11 12:24:00 | 000,085,952 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\sleen1664.sys -- (SLEE_16_DRIVER) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8EB5D32E-5211-4169-BFCB-AC729F9C7A03} IE:64bit: - HKLM\..\SearchScopes\{217BD5D9-FD39-4B58-858B-A28AF06801E9}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{6BFEF250-AC85-4332-B1C7-557B2831DE73}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{8EB5D32E-5211-4169-BFCB-AC729F9C7A03}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {8EB5D32E-5211-4169-BFCB-AC729F9C7A03} IE - HKLM\..\SearchScopes\{217BD5D9-FD39-4B58-858B-A28AF06801E9}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{6BFEF250-AC85-4332-B1C7-557B2831DE73}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{8EB5D32E-5211-4169-BFCB-AC729F9C7A03}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {8EB5D32E-5211-4169-BFCB-AC729F9C7A03} IE - HKCU\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?} IE - HKCU\..\SearchScopes\{217BD5D9-FD39-4B58-858B-A28AF06801E9}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{6BFEF250-AC85-4332-B1C7-557B2831DE73}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 
IE - HKCU\..\SearchScopes\{8EB5D32E-5211-4169-BFCB-AC729F9C7A03}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig#t_0" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747 FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.32 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Icy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.03 15:35:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.23 05:32:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.12 10:28:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\THBExt_2_x [2012.01.17 08:02:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\THBExt_3_1_x [2012.01.17 08:02:13 | 000,000,000 | ---D | M] [2009.07.25 00:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icy\AppData\Roaming\mozilla\Extensions [2009.07.25 00:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.02 04:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\3lhgwhu1.default\extensions [2010.07.17 16:30:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\3lhgwhu1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.17 23:56:12 | 000,000,000 | ---D 
| M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\3lhgwhu1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.17 23:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions [2009.10.01 18:54:10 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0} [2009.10.01 18:54:17 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2009.10.01 18:54:17 | 000,000,000 | ---D | M] (Groowe Search Toolbar) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{268ad77e-cff8-42d7-b479-da60a7b93305} [2009.10.01 18:54:11 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2009.10.01 18:54:13 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2009.10.01 18:54:11 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2009.10.01 18:54:12 | 000,000,000 | ---D | M] (SafeCache) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839} [2009.10.01 18:54:13 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605} [2009.10.01 22:03:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009.10.01 22:03:07 | 000,000,000 | ---D | M] (TabRenamizer) -- 
C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{792BDDFE-2E7C-42ed-B18D-18154D2761BD} [2009.10.01 18:54:18 | 000,000,000 | ---D | M] ("TinyUrl Creator") -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900} [2009.10.01 18:54:17 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} [2009.10.01 18:54:12 | 000,000,000 | ---D | M] (CacheIt!) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{98449521-9320-4257-aa35-9e1a39c8cbe0} [2009.10.01 18:54:18 | 000,000,000 | ---D | M] (Sage) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596} [2009.10.01 18:54:12 | 000,000,000 | ---D | M] (Calculator) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D} [2011.12.17 23:56:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.10.01 18:54:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.10.01 18:54:17 | 000,000,000 | ---D | M] (Plain Text to Link) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21} [2009.10.01 18:54:17 | 000,000,000 | ---D | M] (JSView) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca} [2009.10.01 18:54:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.01 22:03:03 | 000,000,000 | ---D | M] (FoxClocks) -- 
C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2011.02.16 07:46:07 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2009.10.01 18:54:11 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2009.10.01 22:03:07 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{F807FACD-E46A-4793-B345-D58CB177673C} [2009.10.01 22:03:07 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2009.10.01 18:54:12 | 000,000,000 | ---D | M] (Add Bookmark Here ²) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\abhere2@moztw.org [2009.10.01 18:54:11 | 000,000,000 | ---D | M] (DT Whois) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net [2009.10.01 18:54:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Icy\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org [2012.05.03 15:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.17 08:03:06 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru [2012.01.17 08:02:59 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2011.12.21 22:56:14 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\ICY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3LHGWHU1.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI [2012.05.03 15:35:26 | 000,097,208 | ---- | M] (Mozilla Foundation) 
-- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.23 01:03:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.07.27 16:50:03 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.02.18 12:25:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.18 12:25:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.18 12:25:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.18 12:25:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.18 12:25:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.18 12:25:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gears.dll CHR - plugin: 
Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: 
Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: MixCloud Downloader = C:\Users\Icy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjfpmaaidpgbklpnffchmlmfpjboahej\0.14_0\ O1 HOSTS File: ([2012.03.10 08:00:05 | 000,000,832 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 google-analytics.com O1 - Hosts: 127.0.0.1 www.google-analytics.com O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [etMonitor] C:\Windows\etMon.exe (EMPIA Technology Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [00Hotkeys] "C:\Users\Icy\Desktop\test\Qliner Hotkeys\HotKeys.exe" File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [BrowserMask] C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft) O4 - HKCU..\Run: [Facebook Update] C:\Users\Icy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Process Hacker] C:\COM! 
Tools\Process Hacker\ProcessHacker.exe (wj32) O4 - HKCU..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun File not found O4 - HKCU..\Run: [SSS6_SAFE] "C:\Program Files (x86)\Steganos Security Suite 6\safe.exe" /booting File not found O4 - HKCU..\Run: [SSS6_SPM] "C:\Program Files (x86)\Steganos Security Suite 6\spm.exe" /booting File not found O4 - Startup: C:\Users\Icy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011.02.17 01:05:37 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Icy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Icy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - 
HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56355D73-6317-40CD-8411-11558AEFC715}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO) O20 - 
AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Users\Icy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Icy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 0 O33 - MountPoints2\{20cd9bce-d28c-11df-9473-00248ca93ec1}\Shell - "" = AutoRun O33 - MountPoints2\{20cd9bce-d28c-11df-9473-00248ca93ec1}\Shell\AutoRun\command - "" = L:\Startme.exe O33 - MountPoints2\{63ee7201-0b7c-11e0-a553-00248ca93ec1}\Shell - "" = AutoRun O33 - MountPoints2\{63ee7201-0b7c-11e0-a553-00248ca93ec1}\Shell\AutoRun\command - "" = J:\Startme.exe O33 - MountPoints2\{771109fd-39a2-11de-b51b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{771109fd-39a2-11de-b51b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: 
- HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - 
Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012.06.01 15:46:26 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Icy\Desktop\OTL.exe [2012.06.01 15:37:46 | 000,000,000 | ---D | C] -- C:\Users\Icy\AppData\Roaming\Malwarebytes [2012.06.01 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.01 15:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.01 15:37:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.01 15:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.01 13:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest [2012.05.31 15:30:08 | 000,000,000 | ---D | C] -- C:\Users\Icy\Podcasts [2012.05.31 15:30:08 | 000,000,000 | ---D | C] -- C:\Users\Icy\Documents\Media Go [2012.05.31 15:29:07 | 000,000,000 | ---D | C] -- C:\Users\Icy\AppData\Local\Sony [2012.05.31 15:28:56 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared [2012.05.31 15:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012.05.31 15:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install [2012.05.24 09:24:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.05.12 14:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2012.05.12 14:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2012.05.12 14:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2010.09.01 10:43:23 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe889.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.06.06 02:03:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.06 01:35:22 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.06 01:35:22 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.06 00:10:03 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2477992955-820657150-2613780114-1000UA.job [2012.06.06 00:03:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.05 23:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.05 11:48:12 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job [2012.06.04 23:20:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.06.04 23:20:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.06.01 18:10:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2477992955-820657150-2613780114-1000Core.job [2012.06.01 15:48:26 | 001,566,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI 
[2012.06.01 15:48:26 | 000,673,568 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.01 15:48:26 | 000,634,298 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.01 15:48:26 | 000,145,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.01 15:48:26 | 000,119,824 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.01 15:46:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Icy\Desktop\OTL.exe [2012.05.19 04:55:30 | 000,073,216 | ---- | M] () -- C:\Users\Icy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.12 08:41:55 | 000,324,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.11 19:37:41 | 000,000,680 | ---- | M] () -- C:\Users\Icy\AppData\Local\d3d9caps.dat [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011.07.26 06:00:47 | 000,000,732 | ---- | C] () -- C:\Users\Icy\AppData\Local\d3d9caps64.dat [2011.05.02 15:24:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.05.02 15:24:46 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.01.26 18:21:11 | 001,590,562 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.08 17:17:50 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini [color=#E56717]========== LOP Check ==========[/color] [2012.01.21 03:48:07 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\.minecraft [2011.02.16 07:02:44 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\AntiBrowserSpy 2009 [2009.09.01 21:35:21 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\CDZilla [2010.05.21 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\CocoonSoftware [2012.02.11 18:16:18 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\Command & Conquer 3 Kanes Rache [2012.01.16 14:13:31 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.04.10 21:16:35 | 000,000,000 | ---D | M] -- 
C:\Users\Icy\AppData\Roaming\COMPUTERBILD-Abzockschutz [2011.12.17 23:56:30 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\DVDVideoSoft [2011.12.17 23:56:11 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\DVDVideoSoftIEHelpers [2009.09.02 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\FloodLightGames [2011.02.06 04:03:33 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\ICQ [2009.10.01 18:54:49 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\JonDo [2010.10.18 16:05:55 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\LockHunter [2009.08.11 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\muvee Technologies [2010.04.22 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\OpenOffice.org [2009.08.12 13:53:59 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\PeerNetworking [2009.09.03 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\PlayFirst [2010.12.02 03:58:46 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\Process Hacker [2011.09.22 02:26:24 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\qliner [2012.05.31 15:30:02 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\Sony [2009.10.01 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\Steganos [2011.09.22 02:09:03 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\Stellarium [2010.11.29 14:21:41 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\TeamViewer [2009.08.25 18:56:48 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\Template [2009.07.25 00:51:18 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\Thunderbird [2011.05.05 18:00:53 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\TrueCrypt [2009.08.02 11:10:13 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\WildTangent [2009.07.29 12:15:22 | 000,000,000 | ---D | M] -- C:\Users\Icy\AppData\Roaming\WinBatch [2009.10.22 03:07:17 | 000,000,000 | ---D | 
M] -- C:\Users\Icy\AppData\Roaming\Windows Live Writer [2012.06.01 18:10:05 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2477992955-820657150-2613780114-1000Core.job [2012.06.06 00:10:03 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2477992955-820657150-2613780114-1000UA.job [2012.06.05 11:48:12 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\MT66 Software Update.job [2012.04.26 08:12:40 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2012.06.05 12:48:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color] [2011.02.16 08:05:21 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.04.18 21:10:07 | 000,000,000 | -HSD | M] -- C:\Boot [2010.09.08 16:17:09 | 000,000,000 | ---D | M] -- C:\COM! Tools [2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.07.20 17:12:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.02.11 18:01:25 | 000,000,000 | ---D | M] -- C:\Games [2010.08.17 23:17:07 | 000,000,000 | -H-D | M] -- C:\hp [2009.07.20 17:14:40 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.27 17:51:46 | 000,000,000 | ---D | M] -- C:\Nexon [2011.09.25 10:33:58 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.08 12:28:57 | 000,000,000 | R--D | M] -- C:\Program Files [2012.06.01 15:37:26 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.06.01 15:37:27 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.07.20 17:12:14 | 000,000,000 | -HSD | M] -- C:\Programme [2009.04.20 17:35:47 | 000,000,000 | -H-D | M] -- C:\SWSetup [2012.06.06 02:33:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.07.20 17:12:45 | 000,000,000 | R--D | M] -- C:\Users [2012.06.01 13:05:51 | 000,000,000 | ---D | M] -- C:\Windows [color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color] 
[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2009.04.21 02:38:36 | 003,079,680 | ---- | M] (Microsoft Corporation) MD5=513619A8ABBF19F34D4308E91D1EC89D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_b038be1d4865a6ca\explorer.exe [2009.04.21 02:38:36 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=5EF11AC92B68B4B8058A3A4F037F26CE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_ba8d686f7cc668c5\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe [color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color] [2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 
04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe [2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe [2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | 
M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 164 bytes -> C:\ProgramData\TempFC5A2B2 < End of report 
>[/color] ---------------- OTL Extras logfile created on: 06.06.2012 02:31:09 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Icy\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 49,65% Memory free 8,20 Gb Paging File | 6,13 Gb Available in Paging File | 74,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,23 Gb Total Space | 412,42 Gb Free Space | 70,83% Space Free | Partition Type: NTFS Drive D: | 13,94 Gb Total Space | 1,61 Gb Free Space | 11,58% Space Free | Partition Type: NTFS Computer Name: DELUXE | User Name: Icy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ========== [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg 
Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = E1 BA A1 C3 2A DF CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E61951E-8D1D-498A-B296-448D948570BE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1B695410-765A-421D-97F3-9185FEDDBE8F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2A6C5A3C-38E9-492D-B7D0-C44922673070}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{385B681B-AA74-4E91-88D2-C2588C42B349}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6E540877-ABA3-481D-B860-9D83269EAEED}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6F9CA107-1C79-4018-801B-BD357319B735}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{813BBD8A-FC06-4E2A-A0F5-0E409080B9EF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8DB40AFE-37FE-4A36-B41B-CD49C2B53A79}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AA9531D7-7985-4F30-AA32-F5202FB97C24}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr 
| app=%systemroot%\system32\svchost.exe | "{C1DCFEB4-D1C7-4736-B5E3-E3207E7A7EB3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E847FBDB-479D-4D42-987F-631E2F5B8B44}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EFB1F6D4-EB6E-43FB-807D-F47F515819BE}" = lport=2869 | protocol=6 | dir=in | app=system | "{F3BDE616-9B7C-4299-945B-9E473C71ABD1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FA06995B-15C4-412F-9CBD-D377E827C87A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09B132C9-5798-4F2C-80FB-46F5878ACF77}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | "{0C0F453D-9531-4F69-9A97-CFC5AB0DE263}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{0EFFC0D0-4FDD-415E-A766-9A7BEBD13E22}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{210CDDF6-8503-4616-9B95-32609F835DE1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{269A8776-ACE1-417E-A90D-8B809B709A9E}" = protocol=6 | dir=in | app=c:\games\combat arms\combat arms eu\nmservice.exe | "{292AB0A0-1F7B-4E45-B567-5FB261F35A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{29775283-2B5E-4A56-9938-41747B5D04CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{2E2440EB-5D4A-432B-B7F7-9EDD1A3AECEA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | "{358C419A-202E-44DE-BBE7-6D39B274AC2F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media 
booster\pmb.exe | "{36B587F4-1C74-4AF1-AEC9-20421F139FE1}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{38A31E69-0A22-4752-AC6B-3F21DE486521}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{3E9B85B5-5EF5-4C15-A224-C80C98574482}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{4284DBBD-D6F0-48E5-AE4D-2CAFCA2C53BF}" = protocol=6 | dir=in | app=c:\games\gta iv\grand theft auto iv\launchgtaiv.exe | "{4597CB7E-3EA2-4C73-9087-00693B99E675}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{5179FAD4-5B9F-439E-A4FE-5546AD14DDC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{525C8F4E-0E60-4A9C-A662-D3BE6B1ED48B}" = protocol=17 | dir=in | app=c:\games\gta iv\grand theft auto iv\launchgtaiv.exe | "{54571E6E-2785-4756-81BC-5214518D6E4F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{55A941EE-2E79-4750-8735-3B54C373F1FC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{56D1A9C4-5DB3-41A4-8CE5-030E9A849FFD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{62FA6C65-2F93-4FBD-B50A-89EA76D5A9C4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{66D15F9A-8B88-4059-A79C-BF0BA72D8B8E}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{6BB10307-537C-49B4-A8C5-5585D1389F73}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{6F59C224-4B22-4005-9637-D0851225C8CB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{70AD69F0-10AA-4409-BD38-26ECF4026289}" = protocol=6 | dir=in | app=c:\games\gta iv\rockstar games social club\rgsclauncher.exe | 
"{720F6860-BED1-423A-8903-69D05C8758B7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{750E8C3F-5CF8-488B-84F2-385C67B02927}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{75FBEBB0-EC89-4FA3-92F1-FBFC5BB812A9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{76D0D08A-B2CF-48B5-A910-9C426FCBC36C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{775D3CCC-3E1B-47D8-A2C7-7E27C5448739}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{77943B3E-CA2A-4777-A43F-92D2514918FA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{7A9D128D-7E4D-4540-92E1-A35B59A1060A}" = protocol=17 | dir=in | app=c:\games\combat arms\combat arms eu\nmservice.exe | "{7ADA0E70-4EE5-407D-84D2-6F1E91DB6300}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{7C3A970A-1684-4488-9F81-DC58F1045749}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{81444ABB-5018-4704-9A90-2089D7C5D268}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | "{84653ADB-D3DA-4BF8-A46D-251507179C9B}" = protocol=17 | dir=in | app=c:\games\gta iv\rockstar games social club\rgsclauncher.exe | "{866B7385-1DE3-417F-A1DA-DFD1B6512BF1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{88FCD316-E5F3-4710-8D81-834940EEC7A9}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{8D69CAC8-B530-4393-8B21-753560335316}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{915D0809-6245-49D6-A77D-364486E4C4ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{9366E7F9-00C6-4B12-A62F-48F91E9A551A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{9B957A82-E254-47C9-9492-69A7BB4824B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{9CDD8321-2B00-4C2D-A0D7-BD12FD33E4BE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | "{9D03E5F0-FC83-4C40-AEC9-D2048E13C5EF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{9E9A771E-EA07-4044-BD94-D49AF25EF549}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{A7176630-213D-4563-BBB8-24258D77CEC7}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{AC3A4240-6624-4DF5-B91A-AE426BBE7659}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{AC72E62A-5DCB-422C-A917-D92874C997FE}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{AD12FDE8-6E41-420D-8985-96E537E13A95}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{B3517307-0619-4717-9FA5-CA9A31ACB0DD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{B741EBE1-E8DE-4311-8C9F-101017929618}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{B8632E5D-0097-469E-9A22-F4B95F6BE848}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{BD3DBB7B-B65A-4EE7-B878-73C19179E914}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{BE640CF6-33AE-41CE-8B2B-8301472F6401}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{C1D38EF6-E178-42C5-B4AA-141A62ABB994}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C46B9612-F1AA-4D89-A3F4-32EAB0269812}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{CFACC971-9297-458F-9301-FBDD7D0AEBDD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{DB0E69FC-E040-4270-947F-7CC9CA558207}" = 
protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{E0BB3B66-5084-43B3-ADB0-A104E18D69A4}" = dir=in | app=c:\users\icy\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{E1B0924A-8F3B-4268-B4D9-70C33AB4FC98}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{E38E8958-66A4-462A-A94A-B401B8D45A11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{E50F5B07-A105-4382-955F-2D3FCCAC85E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{E6A7E8B3-0CA4-4BEE-9796-14536F8EF5D9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{E7AB92D2-32AE-4D10-BB10-60329F6E3BB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E976D048-3B68-4D70-97DA-C251C3464E7E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{ECC92119-F30C-4C71-A8FC-9F15684D8531}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{F0AE213C-0C99-4EA3-8009-8A365352A186}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{F226C84F-8115-4F5B-BC13-2D6B58D46E47}" = dir=in | app=c:\games\cc3 tiberium wars\retailexe\1.0\cnc3game.dat | "{F2B4B727-F3C6-4FAA-958F-A164C3E77265}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{F38C233A-6C08-4F40-8AEA-636A0DE21F32}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "TCP Query User{180A470D-14D0-4C51-836E-4704131B901B}C:\games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\games\gta san andreas\gta_sa.exe | "TCP Query User{1E57FE1C-6B77-4850-981A-E506316A27C1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{212AC73C-004D-4FBF-9CF5-9C39C5AF664E}C:\games\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\games\gta 
san andreas\gta_sa.exe | "TCP Query User{430CC7D5-FC36-4502-88C1-6FBE0E2AC9EF}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{B0FB4731-6CDA-4CA0-B0E6-241DD4C9FF93}C:\games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\games\gta iv\grand theft auto iv\gtaiv.exe | "TCP Query User{D47532D2-382E-41F5-B555-16E78F277740}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{E07846C2-F892-41C5-97B4-D8D86181C75E}C:\games\ccg\game.dat" = protocol=6 | dir=in | app=c:\games\ccg\game.dat | "TCP Query User{E5E9F369-6177-4140-8382-1B44672304E9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{E8F33D3D-7B28-4F0C-8F14-FB512458BB8D}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{058FAD7B-32D7-4EEA-8817-D0864AE47996}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{13FD2A7A-097E-4305-8601-0BFDECF50BA2}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{31442563-5071-4F8E-8B71-B72FEEBD69D8}C:\games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\games\gta iv\grand theft auto iv\gtaiv.exe | "UDP Query User{33691DA8-8E97-4337-8725-E85EEAD8E7B8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{38B046C5-EDA8-43B9-87D0-94DD3D9C7BA9}C:\games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\games\gta san andreas\gta_sa.exe | "UDP Query User{7A136130-9C97-4185-A7D0-BD6831604247}C:\program files (x86)\icq6.5\icq.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{A0E80107-BAC0-46BF-B6F6-D300963EF5EB}C:\games\ccg\game.dat" = protocol=17 | dir=in | app=c:\games\ccg\game.dat | "UDP Query User{CA204D06-A8CF-4EB9-BED5-FBD50B712085}C:\games\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\games\gta san andreas\gta_sa.exe | "UDP Query User{DB7C8AF7-4571-4F2E-B7F8-F1446F9993FF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{20FC7D3A-EFE3-70C5-6D36-8EB331DD2225}" = ccc-utility64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{AA3D91EB-908C-A141-374A-E9A59E633FA8}" = ATI Catalyst Install Manager "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007 "PC-Doctor for Windows" = Hardware Diagnose Tools "Process_Hacker_is1" = Process Hacker 1.11 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{010AC7FE-9F7A-D375-C2FA-7AF0CE85231A}" = CCC Help Spanish "{018DDD29-36B4-490D-AD68-EFF0101B5BF2}" = CCC Help 
Dutch "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04CA46C0-C2BE-484A-D3C6-A7FD02F19ECD}" = CCC Help French "{06025549-DA96-82DC-CA72-C64D5AC51024}" = Catalyst Control Center Graphics Light "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{0844CC2A-512E-4BA1-872B-02887E7A2672}" = FILSHtray "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0C77C380-4A43-A1C1-7CF7-464B52D3FA94}" = CCC Help Korean "{0CF3C515-68C9-40ff-9A0F-43F5744FA9B9}_is1" = PhotoEasy 2.0 Professional-E "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0F158E8C-94E6-F049-5D0F-0ECA27ED508A}" = CCC Help Polish "{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe "{10FBA5C8-5816-A99A-4AF4-DD53E4759024}" = Catalyst Control Center InstallProxy "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information "{1D16281D-A25E-1A5C-8501-42A8DB84D6B4}" = CCC Help Danish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{21295604-BBCA-4A3E-B1D1-1B8A746C4A52}" = COMPUTERBILD App-Center "{2244AA42-7E0F-C0FF-F08F-CD67D5AF641B}" = CCC Help Czech "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB 2.0 WebCam Driver "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{29AE3C1F-DCC6-8596-1847-7165D65B20B3}" = CCC Help Japanese "{29F5313F-1812-9497-47D2-99D4EA01D8D8}" = Catalyst Control Center Graphics Previews Common "{2C21D77F-D217-091A-7A97-47800DE015E9}" = Catalyst Control Center Graphics Previews Vista "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31B6B086-9886-BE74-EB50-28B55E498C89}" = CCC Help Portuguese "{34A2C684-202B-3EFD-553B-EE1B46EB6CC5}" = CCC Help Hungarian "{36E06CE0-010C-5794-14AC-0A68BB74CAD1}" = CCC Help Thai "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4278B780-6CB5-437A-BA6A-31C7F9FAB980}" = Adobe Flash Player 11 ActiveX "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{429F44BA-3846-9D82-D557-2520B9BEEDD3}" = CCC Help English "{439B5059-3B54-9941-F25D-E042DD07B421}" = Catalyst Control Center Graphics Full Existing "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{55796018-20B0-E234-CA28-CFDA02F285B9}" = CCC Help Finnish "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{6424CDDA-A8C3-9ED6-E6DE-877996416FEF}" = CCC Help Norwegian "{66206F6F-A212-4FAC-837D-3415AA5698DC}" = Catalyst Control Center - Branding "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11 "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP 
MediaSmart TV "{686054B0-2AB0-CD13-009B-F10F96C3B228}" = Catalyst Control Center Graphics Full New "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71D41A25-6FC8-6B35-E6B0-BE3545A007F7}" = CCC Help Greek "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F3D4B8-D244-6E41-F27B-2A37A6771C1E}" = CCC Help Italian "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7928CFE4-2D29-FDDF-CAE8-D7C8A79604CC}" = CCC Help Russian "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software "{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.116.12060 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90655603-2895-BAEB-526A-2FF1E421FAA1}" = Skins "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup "{97B3FAD1-09BF-1BDC-293B-561E541413A6}" = CCC Help German "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{A0CAF684-5465-D29B-3CF3-F19EAC42176D}" = Catalyst Control Center Core Implementation "{A134D272-1851-58FF-6753-2F08F8148AC3}" = CCC Help Swedish "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC11F469-36A8-56DF-19D7-790DFAB74275}" = CCC Help Turkish "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{C2D84378-55FA-895B-C13A-E83A3B05BE4A}" = CCC Help Chinese Standard "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C63CDEA5-1CE9-5BF3-A4BE-7E227D4E7CD4}" = ccc-core-static "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal "{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz "{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update 
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EC19EFAE-424A-E1EF-50DB-3B22D2E6E25D}" = CCC Help Chinese Traditional "{EE59C877-D3DF-FF65-CC38-8742EBAC1DE9}" = Catalyst Control Center Localization All "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1" = MT66 Software Update "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1" = AntiBrowserSpy "{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Der Mensch 2.0" = Der Mensch 2.0 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Fraps" = Fraps (remove only) "Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206 "Google Chrome" = Google Chrome "Gothic" = Gothic "HijackThis" = HijackThis 2.0.2 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV 
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11 "JonDoUninstall" = JonDo "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Messenger Plus! Live" = Messenger Plus! Live "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MTA:SA" = MTA:SA 1.0 "pywin32-py2.6" = Python 2.6 pywin32-212 "Secunia PSI" = Secunia PSI (2.0.0.4003) "Silkroad" = Silkroad "sp43204" = sp43204 "sp44626" = sp44626 "Spyware Doctor" = Spyware Doctor 6.1 "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Sysinternals Suite" = Sysinternals Suite "TeamViewer 7" = TeamViewer 7 "TrueCrypt" = TrueCrypt "Update Engine" = Sony Ericsson Update Engine "VLC media player" = VLC media player 2.0.0 "WildTangent hp Master Uninstall" = My HP Games "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QUICKMEDIACONVERTER" = QMC "Winamp Detect" = Winamp Erkennungs-Plug-in [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 01.06.2012 08:53:59 | Computer Name = Deluxe | Source = WinMgmt | ID = 10 Description = Error - 01.06.2012 19:28:12 | Computer Name = Deluxe | Source = WinMgmt | ID = 10 Description = Error - 03.06.2012 09:24:08 | Computer Name = Deluxe | Source = WinMgmt | ID = 10 Description = Error - 03.06.2012 
09:41:49 | Computer Name = Deluxe | Source = WinMgmt | ID = 10 Description = Error - 04.06.2012 17:20:22 | Computer Name = Deluxe | Source = WinMgmt | ID = 10 Description = Error - 04.06.2012 17:20:47 | Computer Name = Deluxe | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 04.06.2012 21:10:06 | Computer Name = Deluxe | Source = Google Update | ID = 20 Description = Error - 05.06.2012 00:10:06 | Computer Name = Deluxe | Source = Google Update | ID = 20 Description = Error - 05.06.2012 03:10:06 | Computer Name = Deluxe | Source = Google Update | ID = 20 Description = Error - 05.06.2012 17:35:41 | Computer Name = Deluxe | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 03.06.2012 09:41:50 | Computer Name = Deluxe | Source = Service Control Manager | ID = 7026 Description = Error - 03.06.2012 09:55:24 | Computer Name = Deluxe | Source = volsnap | ID = 393236 Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen. Error - 03.06.2012 09:57:34 | Computer Name = Deluxe | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.127.1215.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%854 Quellpfad: http://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8403.0 Fehlercode: 0x80070643 Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation. 
Error - 03.06.2012 09:58:30 | Computer Name = Deluxe | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 04.06.2012 17:20:22 | Computer Name = Deluxe | Source = Service Control Manager | ID = 7000 Description = Error - 04.06.2012 17:20:22 | Computer Name = Deluxe | Source = Service Control Manager | ID = 7000 Description = Error - 04.06.2012 17:20:22 | Computer Name = Deluxe | Source = Service Control Manager | ID = 7026 Description = Error - 05.06.2012 17:35:41 | Computer Name = Deluxe | Source = Service Control Manager | ID = 7000 Description = Error - 05.06.2012 17:35:41 | Computer Name = Deluxe | Source = Service Control Manager | ID = 7000 Description = Error - 05.06.2012 17:35:41 | Computer Name = Deluxe | Source = Service Control Manager | ID = 7026 Description = < End of report > [/color]
Thanks for the effort, I appreciate it... |
|
|
||
06.06.2012, 14:43
Moderator
Posts: 5694 |
#18
Step 1
Fixing with OTL
• Please start OTL.exe. Vista users: right-click and choose "Run as administrator".
• Now copy the content into the text box.
Code :OTL
• Now please close all programs.
• Now please click the Run Fix button.
• Click on .
• OTL may request a restart. Please allow this.
• After the restart you will find a text document. Now copy its content here into your thread, in code tags.
Step 2
ESET Online Scanner
Please switch on any external hard drives you have during the online scans!
Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to turn everything back on afterwards.
Note for Vista and Win7 users: be sure to start the browser as administrator.
• Deactivate your anti-virus program during the scan. Press the button (<< click).
• Firefox users: please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
• IE users: must allow the installation of an ActiveX element.
• Tick the box at Yes, i accept the Terms of Use.
• Press the button.
• Wait until the components have been downloaded.
• Tick the box at "Scan archives".
• Make sure that the box at Remove Found Threats is not ticked.
• Press .
• The signatures are downloaded. The scan starts automatically. When the scan has finished
• Click .
• Click and save the log file as ESET.txt on the desktop.
• Click Back and Finish
Please post the log file here. |
|
|
||
A cleanup can sometimes involve a lot of work for you.
• Please work through all steps in order.
• Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
• Only run scans that a helper has asked you to run.
• Please no crossposting (posting in several forums).
• Do not install or uninstall any software during the cleanup unless you have been asked to.
• Read the instructions through completely first. If anything is unclear, ask before you begin.
• Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Vista and Win7 users
Start all tools by right-clicking and choosing "Run as administrator".
Step 1
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
• Please start OTL.exe.
Vista and Win7 users: right-click and choose "Run as administrator"
• Now copy the content into the text box.
Code
• Now please close all programs. (Important)
• Now please click the Quick Scan button.
• Now copy the content of OTL.txt and Extra.txt here into your thread