IE/Firefix diverse Seiten werden geblockt |
||
|---|---|---|
| #0
| ||
|
07.01.2012, 23:55
...neu hier
Beiträge: 4 |
||
 
|
|
|
|
08.01.2012, 00:12
...neu hier
Themenstarter Beiträge: 4 |
#2
Hier noch die OTL.txt
OTL logfile created on: 07.01.2012 00:03:47 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Oliver\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,34% Memory free 7,97 Gb Paging File | 5,88 Gb Available in Paging File | 73,71% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 463,27 Gb Total Space | 98,44 Gb Free Space | 21,25% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 31,90 Mb Free Space | 31,90% Space Free | Partition Type: NTFS Drive F: | 463,27 Gb Total Space | 139,48 Gb Free Space | 30,11% Space Free | Partition Type: NTFS Drive I: | 1,86 Gb Total Space | 0,11 Gb Free Space | 5,65% Space Free | Partition Type: FAT Computer Name: OLIVER-PC | User Name: Oliver | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012.01.07 00:02:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe PRC - [2011.11.24 17:12:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.17 06:07:00 | 002,955,520 | ---- | M] (Just Great Software) -- C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe PRC - [2010.04.30 13:40:16 | 007,162,696 | ---- | M] () -- C:\Program Files\BumpTop\BumpTop.exe PRC - [2010.03.31 11:30:34 | 000,219,976 | ---- | M] () -- C:\Program Files\BumpTop\TexHelper.exe PRC - [2009.08.14 03:15:56 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.14 03:15:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2009.04.11 07:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.18 15:31:56 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe PRC - [2009.02.03 13:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.06.03 00:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011.11.29 19:20:03 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.11.24 17:12:19 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.04.30 13:40:16 | 007,162,696 | ---- | M] () -- C:\Program Files\BumpTop\BumpTop.exe MOD - [2010.03.31 11:30:34 | 000,219,976 | ---- | M] () -- C:\Program Files\BumpTop\TexHelper.exe MOD - [2010.03.31 11:30:32 | 010,255,688 | ---- | M] () -- C:\Program Files\BumpTop\QtWebKit4.dll MOD - [2010.03.31 11:30:32 | 002,455,880 | ---- | M] () -- C:\Program Files\BumpTop\QtXmlPatterns4.dll MOD - [2010.03.31 11:30:30 | 007,848,264 | ---- | M] () -- C:\Program Files\BumpTop\QtGui4.dll MOD - [2010.03.31 11:30:30 | 000,977,736 | ---- | M] () -- C:\Program Files\BumpTop\QtNetwork4.dll MOD - [2010.03.31 11:30:28 | 002,251,592 | ---- | M] () -- C:\Program Files\BumpTop\QtCore4.dll MOD - [2010.03.31 11:30:26 | 000,336,712 | ---- | M] () -- C:\Program Files\BumpTop\phonon4.dll MOD - [2010.03.22 16:42:10 | 000,395,264 | ---- | M] () -- C:\Program Files\BumpTop\ImageFormats\qtiff4.dll MOD - [2010.03.22 16:42:10 | 000,306,688 | ---- | M] () -- C:\Program Files\BumpTop\ImageFormats\qmng4.dll MOD - [2010.03.22 16:42:10 | 000,207,360 | ---- | M] () -- C:\Program Files\BumpTop\ImageFormats\qjpeg4.dll MOD - [2010.03.22 16:42:10 | 000,071,680 | ---- | M] () -- C:\Program Files\BumpTop\ImageFormats\qico4.dll MOD - [2010.03.22 16:42:10 | 000,065,024 | ---- | M] () -- C:\Program Files\BumpTop\ImageFormats\qgif4.dll MOD - [2010.02.21 17:33:46 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2008.06.03 00:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe MOD - [2008.04.15 09:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll MOD - [2006.01.10 15:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll MOD - [2005.05.11 15:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2009.08.21 14:24:02 | 000,070,336 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService) SRV - [2009.08.14 03:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009.02.18 15:31:56 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES) SRV - [2009.02.03 13:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.29 14:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.08.07 09:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.11.19 22:33:29 | 000,231,040 | ---- | M] (Zonet, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW23B.sys -- (MRV6X32U) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.06 07:58:31 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm) DRV - [2010.01.28 09:12:20 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3) DRV - [2009.10.06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.09.26 22:08:02 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.08.14 05:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.24 07:45:00 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.06.26 17:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.04.11 05:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2008.09.10 09:46:16 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.06.10 11:33:10 | 000,150,568 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2008.05.02 09:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 09:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.02.02 15:24:00 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2007.12.17 16:14:04 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2007.09.25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Filme bearbeiten\MediaCoder\SysInfo.sys -- (CrystalSysInfo) DRV - [2007.05.23 03:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT) DRV - [2007.05.23 03:20:58 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.05.11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007.03.05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.03.05 04:57:14 | 000,019,472 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv) DRV - [2007.03.05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum) DRV - [2007.03.05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2007.03.05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm) DRV - [2007.01.29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2006.10.18 14:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2005.12.21 16:44:28 | 000,299,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW225.sys -- (MRVW225) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 98 A0 34 B4 0E CB 01 [binary data] IE - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Software Company) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.14 21:37:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.31 01:30:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.31 01:30:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.31 01:30:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.12.31 01:30:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Program Files\Copernic Desktop Search - Home\Firefox36Connector [2010.10.08 09:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions [2010.10.08 09:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009.11.29 00:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions\MediaCoder [2009.11.29 00:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard [2012.01.05 15:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\l6f6m1ap.default\extensions [2011.11.18 16:40:16 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\l6f6m1ap.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.04.09 10:50:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\l6f6m1ap.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.26 10:26:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\l6f6m1ap.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.01.12 16:55:03 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\l6f6m1ap.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} [2011.03.27 20:13:21 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\l6f6m1ap.default\extensions\personas@christopher.beard [2010.02.10 19:29:26 | 000,000,000 | ---D | M] ("Wolfram Toolbar") -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\l6f6m1ap.default\extensions\support@wolfram.com [2011.12.22 23:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.11.01 16:53:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.24 17:12:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.01 16:53:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2005.11.26 16:12:08 | 006,739,456 | ---- | M] (VideoLAN Team) -- C:\Program Files\mozilla firefox\plugins\npvlc.dll [2011.03.17 20:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.10.13 23:08:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.05 10:57:31 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.10.13 23:08:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.13 23:08:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.13 23:08:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.13 23:08:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.13 23:08:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: VLC multimedia plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvlc.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2011.12.29 16:52:30 | 000,440,030 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 74.208.10.249 gs.apple.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 15130 more lines... O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found. O3 - HKU\S-1-5-21-1626218867-4192506386-2548142340-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\OobeFldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 () O8 - Extra context menu item: Free YouTube Download - C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59B49517-A39D-4397-A467-30351FD828C8}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2092E6A-3244-4680-B88A-905364BA5B41}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEA53EA8-1BE1-4416-8A81-874F3CDF30D8}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEA7E917-AA65-41C8-B997-77100356B042}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{09e12ae1-133b-11df-a74a-065043041084}\Shell - "" = AutoRun O33 - MountPoints2\{09e12ae1-133b-11df-a74a-065043041084}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{60215c43-0d7c-11df-b224-065043041084}\Shell - "" = AutoRun O33 - MountPoints2\{6e9f7e43-f640-11e0-908d-e680693b3d4f}\Shell - "" = AutoRun O33 - MountPoints2\{6e9f7e43-f640-11e0-908d-e680693b3d4f}\Shell\AutoRun\command - "" = J:\Setup.exe O33 - MountPoints2\{9ca9aeb7-bd7d-11de-a241-065043041084}\Shell - "" = AutoRun O33 - MountPoints2\{e2e90db2-aae0-11de-81e2-065043041084}\Shell - "" = AutoRun O33 - MountPoints2\{e2e90db2-aae0-11de-81e2-065043041084}\Shell\AutoRun\command - "" = H:\setup.exe -q O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk - C:\Program Files\Buhl finance\tax Steuersoftware 2011\taxaktuell.exe - () MsConfig - StartUpFolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpFolder: C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Bewerbung-Reminder.lnk - C:\Program Files\Bewerbung 2008\KCReminder.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - File not found MsConfig - StartUpReg: BabylonToolbar - hkey= - key= - File not found MsConfig - StartUpReg: CaISSDT - hkey= - key= - File not found MsConfig - StartUpReg: Cm108Sound - hkey= - key= - File not found MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig - StartUpReg: DriverScanner - hkey= - key= - File not found MsConfig - StartUpReg: dvd43 - hkey= - key= - C:\Program Files\dvd43\DVD43_Tray.exe () MsConfig - StartUpReg: EasyDownloads - hkey= - key= - C:\Program Files\Easy Downloads\easydownloads.exe (http://izloader.com/) MsConfig - StartUpReg: eTrustPPAP - hkey= - key= - File not found MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) MsConfig - StartUpReg: hpqSRMon - hkey= - key= - File not found MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: MMAgent - hkey= - key= - File not found MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\Windows\vVX1000.exe (Microsoft Corporation) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012.01.07 00:02:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe [2012.01.06 22:09:59 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Desktop\Hijachthis [2012.01.06 21:44:45 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Avira [2012.01.06 21:42:07 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Malwarebytes [2012.01.06 21:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.06 21:41:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.06 21:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.06 21:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.01.06 21:40:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.01.06 21:40:38 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.01.06 21:40:38 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.01.06 21:40:38 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.01.06 21:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.01.06 21:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.01.06 21:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.01.06 21:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.01.06 21:29:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.12.31 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.31 12:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.31 12:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.29 20:03:48 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Symantec [2011.12.29 20:00:13 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DLL [2011.12.29 20:00:13 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll [2011.12.29 19:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2011.12.28 21:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.12.28 21:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.12.22 23:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2011.12.22 23:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar [2011.12.22 23:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2011.12.17 19:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport [2011.12.17 19:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport [2011.12.14 17:24:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.12.14 17:24:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.14 17:24:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.14 17:24:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.12.14 17:24:10 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.12.14 17:24:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.12.14 17:24:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.12.13 17:13:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.13 17:13:41 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.12.13 17:13:41 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.13 17:13:39 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.13 17:13:21 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Users\Oliver\*.tmp files -> C:\Users\Oliver\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.01.07 00:02:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe [2012.01.06 23:44:58 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2012.01.06 23:34:05 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.06 23:34:05 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.06 23:19:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.06 22:02:41 | 000,302,592 | ---- | M] () -- C:\Users\Oliver\Desktop\sbnc1jxn.exe [2012.01.06 21:42:01 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.01.06 21:40:57 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.01.06 21:39:02 | 087,262,320 | ---- | M] () -- C:\Users\Oliver\Desktop\avira_free_antivirus_de.exe [2012.01.06 21:34:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.06 21:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.06 21:33:51 | 2146,492,416 | -HS- | M] () -- C:\hiberfil.sys [2012.01.06 21:22:33 | 000,630,180 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.06 21:22:33 | 000,596,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.06 21:22:33 | 000,126,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.06 21:22:33 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.05 13:05:14 | 000,116,736 | ---- | M] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.31 01:48:47 | 000,000,775 | ---- | M] () -- C:\Users\Oliver\ia_remove.sh [2011.12.29 16:52:30 | 000,440,030 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.12.29 16:50:55 | 000,440,030 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111229-165230.backup [2011.12.17 18:22:48 | 000,010,251 | ---- | M] () -- C:\Users\Oliver\.recently-used.xbel [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2011.12.14 20:18:33 | 000,292,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Users\Oliver\*.tmp files -> C:\Users\Oliver\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.01.06 22:02:40 | 000,302,592 | ---- | C] () -- C:\Users\Oliver\Desktop\sbnc1jxn.exe [2012.01.06 21:42:01 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.01.06 21:40:57 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.01.06 21:38:03 | 087,262,320 | ---- | C] () -- C:\Users\Oliver\Desktop\avira_free_antivirus_de.exe [2011.12.31 01:48:47 | 000,000,775 | ---- | C] () -- C:\Users\Oliver\ia_remove.sh [2011.12.17 18:22:48 | 000,010,251 | ---- | C] () -- C:\Users\Oliver\.recently-used.xbel [2011.03.22 17:38:45 | 000,111,104 | ---- | C] () -- C:\Windows\System32\Uharc.exe [2011.03.22 17:38:45 | 000,008,636 | ---- | C] () -- C:\Windows\System32\modifype.exe [2011.03.11 16:30:05 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2011.01.14 18:34:31 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll [2010.11.08 05:22:53 | 000,160,047 | ---- | C] () -- C:\Windows\hpoins14.dat.temp [2010.11.08 05:22:53 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp [2010.07.17 18:43:12 | 000,160,068 | ---- | C] () -- C:\Windows\hpoins14.dat [2010.07.17 18:43:12 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat [2010.05.18 00:47:52 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.04.12 16:25:51 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll [2010.04.12 16:25:47 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau108.exe [2010.04.12 16:25:47 | 000,000,211 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2010.04.12 16:24:54 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2010.04.12 16:24:54 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg [2010.04.12 16:24:54 | 000,000,233 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2010.02.19 13:08:19 | 000,000,000 | ---- | C] () -- C:\Windows\pestpatrol5.INI [2010.01.17 10:20:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.01.17 10:20:30 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.11.27 18:25:49 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI [2009.11.27 17:55:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.11.24 16:55:14 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.11.21 21:56:41 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.11.21 21:08:22 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.10.05 12:30:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.05 12:30:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.05 12:30:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.10.03 09:15:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.09.29 15:48:58 | 000,034,689 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\mdbu.bin [2009.09.29 15:39:30 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.09.29 11:22:16 | 000,019,572 | ---- | C] () -- C:\Windows\hpqins13.dat [2009.09.27 12:50:18 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2009.09.26 22:13:55 | 000,000,631 | ---- | C] () -- C:\Windows\wiso.ini [2009.09.26 20:01:16 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.09.26 15:25:14 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.09.26 15:06:38 | 000,116,736 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.25 16:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.09.25 15:27:03 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2009.09.25 15:27:03 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2009.09.25 14:28:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2009.09.25 14:28:10 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2009.09.25 14:17:29 | 000,033,838 | ---- | C] () -- C:\Windows\Ascd_log.ini [2009.09.25 14:17:20 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2009.09.25 14:17:09 | 000,033,448 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.09.25 14:17:09 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2009.09.25 13:25:34 | 000,299,776 | ---- | C] () -- C:\Windows\System32\drivers\MRVW225.sys [2009.09.25 13:13:38 | 000,007,836 | ---- | C] () -- C:\Users\Oliver\AppData\Local\d3d9caps.dat [2009.09.25 12:40:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 16:09:12 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.06.26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2009.05.29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.02.18 18:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.02.03 21:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2008.11.07 18:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll [2008.09.12 11:08:38 | 000,001,096 | R--- | C] () -- C:\Windows\cm108.ini [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 16:48:52 | 000,630,180 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:48:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:48:52 | 000,126,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:48:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:46:27 | 000,292,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,596,472 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,546 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.04.21 09:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [color=#E56717]========== LOP Check ==========[/color] [2010.08.11 10:27:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\AnvSoft [2011.12.30 18:08:48 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Azureus [2011.09.05 10:57:29 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Babylon [2010.08.11 10:46:49 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\BonkEnc [2011.03.30 16:46:58 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Broad Intelligence [2011.02.27 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Buhl Data Service [2010.06.18 08:49:44 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Bump Technologies, Inc [2011.09.05 11:00:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\cloudstorageexplorer.com [2010.11.29 19:02:53 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Copernic [2011.12.30 18:08:48 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DAEMON Tools Lite [2011.04.09 10:50:19 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.30 18:08:48 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FileZilla [2010.06.12 08:50:40 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Foxit Software [2010.07.23 17:33:25 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FX Flat [2011.05.22 10:08:47 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\GHISLER [2011.04.18 19:28:04 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\GrabPro [2011.12.17 18:22:48 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\gtk-2.0 [2011.06.16 16:51:09 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Haenlein-Software [2010.04.24 11:36:30 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Haufe [2009.09.26 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ImgBurn [2010.08.08 08:22:07 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\IsolatedStorage [2011.03.19 11:18:12 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\JGsoft [2010.01.14 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Jumping Bytes [2010.04.24 11:11:14 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Lexware [2009.09.29 15:41:31 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\MAGIX [2010.05.06 16:34:58 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Mobile Master [2010.01.14 21:42:40 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Nokia [2011.04.18 17:50:59 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\OpenCandy [2009.09.29 10:24:57 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\OpenOffice.org [2009.09.27 09:23:16 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Opera [2011.04.18 19:31:39 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Orbit [2010.01.14 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\PC Suite [2010.05.16 10:42:52 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Pegasys Inc [2011.03.12 10:46:40 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\phonostar GmbH [2010.12.18 15:20:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ProgSense [2011.10.03 20:07:58 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\redsn0w [2010.05.06 16:25:42 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Samsung [2010.06.19 18:16:41 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\SpinTop [2011.09.12 19:23:54 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Stephan Muller [2011.09.25 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TeamViewer [2010.10.08 09:52:56 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Thunderbird [2011.02.21 17:11:16 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\TuneUp Software [2010.11.19 22:30:19 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Uniblue [2010.06.05 10:12:53 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\VistaCodecs [2010.02.07 18:32:58 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Western Digital [2010.08.15 12:17:51 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\WinAVI [2011.11.29 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\WindSolutions [2011.09.04 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\xVideoServiceThief [2012.01.06 21:32:33 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AFFC859A < End of report > |
|
|
|
|
|
|
08.01.2012, 00:13
...neu hier
Themenstarter Beiträge: 4 |
#3
Und hier die OTL Extras.Txt
OTL Extras logfile created on: 07.01.2012 00:03:47 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Oliver\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,34% Memory free 7,97 Gb Paging File | 5,88 Gb Available in Paging File | 73,71% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 463,27 Gb Total Space | 98,44 Gb Free Space | 21,25% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 31,90 Mb Free Space | 31,90% Space Free | Partition Type: NTFS Drive F: | 463,27 Gb Total Space | 139,48 Gb Free Space | 30,11% Space Free | Partition Type: NTFS Drive I: | 1,86 Gb Total Space | 0,11 Gb Free Space | 5,65% Space Free | Partition Type: FAT Computer Name: OLIVER-PC | User Name: Oliver | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-1626218867-4192506386-2548142340-1000\SOFTWARE\Classes\<extension>] .txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 -- () "AntiSpywareOverride" = 0 -- () "FirewallOverride" = 0 -- () "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1626218867-4192506386-2548142340-1000] "EnableNotifications" = 0 -- () "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 -- () "EnableFirewall" = 0 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 -- () "EnableFirewall" = 0 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 -- () "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B316F5A-EF6D-4014-8502-4E0667758D91}" = rport=138 | protocol=17 | dir=out | app=system | "{1FFDDFAA-E7A5-4650-9B91-763AE0C1306F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{307FE17B-214B-4074-A0E9-E6064B79A3A7}" = lport=137 | protocol=17 | dir=in | app=system | "{521EC9E6-657F-4175-AA2D-9A35CA6E1177}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{933DB305-7044-4721-98BD-B98F4F4B7DBB}" = lport=139 | protocol=6 | dir=in | app=system | "{A962512C-7737-4CA7-91A6-43156B15DB12}" = rport=445 | protocol=6 | dir=out | app=system | "{BA4AC349-95EF-4F6D-AFA1-960432784C25}" = lport=138 | protocol=17 | dir=in | app=system | "{C558E305-4D84-4388-BC0F-00BC34A7E49E}" = rport=139 | protocol=6 | dir=out | app=system | "{DD3FEAE4-C36C-4AEA-896D-702FEB01EBF5}" = lport=445 | protocol=6 | dir=in | app=system | "{E618BCB0-9D77-4BEE-B6EE-4B5A4F2B1BB2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{EF4A0A92-9770-4D1F-92F5-6A7EC84F54ED}" = rport=137 | protocol=17 | dir=out | app=system | "{FC78CD9E-5237-4C2A-A9CE-09D596BEED4D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00490E90-AB57-4172-BBA8-1CC7FED1A34C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{0C3ADF77-9115-471C-A7EB-AF7F15A6FF75}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{0CBE1428-32DC-4A79-B8A4-836FCB7AC4F2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1044DAED-9857-4862-8291-93F8B30AB7C6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{17C7A375-00C5-414C-A93D-7B48877C57A6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1FE7D8F4-A0AC-49CC-A10D-F05FC08C6F08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{213667A2-8C65-432B-B4A7-C3D165F9871B}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{284B8EF1-7952-4708-8E2D-1F9EB1739FD0}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{2AC65050-28D8-4DE0-8B6D-2B4D514C867C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2C7885C1-2278-4399-9208-1CA722EB7DBB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2F228C29-1CD4-49CB-A44D-C3F1633FB433}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{31AA69C1-35AE-4A33-803D-B80C9C41CDBE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{345B151D-071F-499C-B1A4-1D0ECBFBC6D0}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{37524324-A1A2-4C7B-8822-660902777FE2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3A20CDA7-6220-466E-A67F-BB650CE02902}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{454C0F8F-725D-44E0-9863-07532ACD794B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4AE0D145-D07B-4C35-9816-9862E2A5673C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4D19A8FB-C5BB-47BF-989C-2BA63BFF8AE2}" = protocol=17 | dir=in | app=c:\program files\easy downloads\easydownloads.exe | "{4D1A3A8E-D9D6-46E4-9C29-E1A6137D0D9E}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{4F8EE66A-AC88-4988-B7FC-7933A999D3E7}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe | "{4FDF6576-7B7C-47B1-8E19-E4F8B4360743}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{50389BBC-6D54-436D-8E7C-EEE242E6E081}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5130C6A6-E0AB-49D3-B5E2-8B48970C2E7B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{56298D9F-62B5-48D2-A5BF-FDDCFE06EBE9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5736B072-BC40-4ACA-B176-5EE4BD4386BF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5FA3AAC2-0BBB-4AC2-8D60-06D551BBBFE6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{69B1AD76-298E-4F72-9D5F-93935BCDCEC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6A169405-FF93-477C-8137-E40554BF4EFC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{75CE27C0-89F2-4FBF-B8BF-32825E57E217}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8248352E-4039-4DC9-A2AF-3A4EC156A29F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{83DD9155-7164-4BAE-9346-3ADDDB960E97}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8773E94A-6BAC-489B-A7B4-8BCD7DC0B0C5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8D388A2A-BA4B-46A0-A50E-43BC6354495B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{912E8300-517F-410D-8917-D9142186759A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9A208D42-25AD-4C11-951B-19DD990D67A4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9CB78F26-DD15-48D6-B428-792FC8CFE2C9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9F6549CE-EBEC-4DEA-B8C8-9FF1213D3964}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{9F74A757-7062-486F-BD96-94645A5B5A38}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A22531EE-3740-49CA-BE36-C31BE6648414}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A3D6631A-4A77-4B14-8756-49A4143501DB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AD18A192-B09B-443E-BD4F-E4350AE77683}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B2255051-7F41-4B76-95F2-562721DF82CB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{C73341E5-E309-4D45-9948-775E7AD70EF2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CBDD553C-1D34-4507-B2B0-849A9478B326}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{DB50CAB8-8325-4126-AD8C-17699F7A9EC6}" = dir=in | app=c:\program files\itunes\itunes.exe | "{DE2B0AED-DE47-4D3D-81CC-6AB363ED44D8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E321BC4F-5441-4636-B4A2-5992E89C74C3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E4450958-65AE-4B0C-AF58-243650F763A1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E6694873-0A6B-4671-98C0-2115E95509B1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E81632DB-143C-4195-84CB-934DEEE30ADF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{ED99B2CD-EC0F-4F89-93BD-D4F2AC865C33}" = protocol=6 | dir=in | app=c:\program files\easy downloads\easydownloads.exe | "{EEDA25AB-DC2E-4EBD-BC79-99CAEB5594F7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{F0487670-FFA4-4174-A76F-69EE47C72072}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{F32A2E5B-F5EA-4694-82A6-D379F6B27ADA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FE5B74DB-01B3-4CEA-95DD-FC3542A4DBC6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{0778BC49-DB01-4452-996F-DD01D4EC9ADF}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{0843C957-DF79-43A0-9421-2542C4BF45E0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{D3408872-73D9-4D8B-8631-C951C197DCAA}C:\users\oliver\dreambox\dreamcontrolcenter\dcc.exe" = protocol=6 | dir=in | app=c:\users\oliver\dreambox\dreamcontrolcenter\dcc.exe | "TCP Query User{FCAEC762-2F0A-44A1-8DEF-50EBF45249F4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{163C02B8-5202-4BED-A908-8DA6FD880A54}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{643622FB-007D-4BA6-B098-248BB149AD28}C:\users\oliver\dreambox\dreamcontrolcenter\dcc.exe" = protocol=17 | dir=in | app=c:\users\oliver\dreambox\dreamcontrolcenter\dcc.exe | "UDP Query User{865DA524-D31C-428B-B6AB-74B26FECCAE1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{CFB0077C-A450-44C0-B313-33E70A617C14}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0117713F-9BB5-E61B-686F-D63C156E63F6}" = Catalyst Control Center Core Implementation "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime "{041FE46C-4EEA-06AE-4562-00A899F5A0FB}" = CCC Help English "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{056268CC-BC9E-4948-83BF-0C1E0E955883}" = Initio USB Default Controller Driver 32-bit "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{12C8466B-9E6E-4C0C-BBA3-F05EDF5C8ECA}" = Polar WebLink 2.4.11 "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{15facee5-6de3-41e5-9ee1-4037b860add2}" = Nero 9 "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3 "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{43A381E6-5BD0-4534-8DB8-03ED7DE168E0}" = USB54M "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5934808D-F536-2B3F-A488-F53372854C69}" = ccc-core-static "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5B0A0143-7ED2-4B68-A60B-9D92987DE5BD}" = Währungsumrechner "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{610E64BA-F306-6C12-F882-F76CD244A3C2}" = Catalyst Control Center Graphics Light "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver "{68BC06A7-FC85-D463-48BE-3EBFD9747C7E}" = Catalyst Control Center HydraVision Full "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011 "{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{846AC73B-9394-48B9-B941-8F7F472F0047}" = Bluesoleil2.6.0.9 Release 070606 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DE98D27-6F65-90E4-0F46-A0FCAEEB8D5B}" = Catalyst Control Center Graphics Previews Common "{8E8ECFE5-A675-4110-B785-3B044FF48CDB}" = TMPGEnc 4.0 XPress "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{96B784E2-F4D7-38A5-E9DD-6CC093B07C58}" = Catalyst Control Center Graphics Full New "{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A7E110EF-3B05-4CCD-3CB7-3D373325D43A}" = Catalyst Control Center InstallProxy "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10 Free Edition "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{BCDD3356-B5B2-9D0F-3776-8D5E28893F82}" = ccc-utility "{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D2D15362-27A7-9D88-35B2-C04697E4CD94}" = Catalyst Control Center Graphics Previews Vista "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{D85EE6FC-1263-3A84-CEB7-A53E97B6A835}" = ATI Catalyst Install Manager "{DDD9BB0C-C116-91D3-A45B-FA3291781BB0}" = Catalyst Control Center Graphics Full Existing "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext "{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = Flat Trader "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{EB3CA087-C3C1-4B7A-9AF9-052FF6DD823A}" = Foxit Reader "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB5AE940-8E5D-11DE-992A-005056B12123}" = Haufe iDesk-Service "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100 "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F996DEB7-4AD7-4F15-84AA-114B8BE45911}" = Polar UpLink Tool "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}" = WISO Bewerbung 2008 "{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9 "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "CCleaner" = CCleaner "C-Media CM108 Like Sound Driver" = USB PnP Sound Device "DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox "DVD Flick_is1" = DVD Flick 1.3.0.7 "DVD43_is1" = DVD43 v4.6.0 "EasyBCD" = EasyBCD 1.7.2 "EditPad Lite" = Just Great Software EditPad Lite DE 6.7.0 "Foxit PDF Editor" = Foxit PDF Editor "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2 "Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Google Chrome" = Google Chrome "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "ImgBurn" = ImgBurn "IsoBuster_is1" = IsoBuster 2.7 "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "MediaCoder" = MediaCoder 0.7.5.4762 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "mv61xxDriver" = marvell 61xx "Nokia PC Suite" = Nokia PC Suite "QuicktimeAlt_is1" = QuickTime Alternative 1.47 "RealPlayer 12.0" = RealPlayer "Redtube Video Downloader_is1" = Redtube Video Downloader 3.26 "rFactor" = rFactor (remove only) "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SDEPRO20_is1" = SDExplorer 3.0 "SMPlayer" = SMPlayer 0.6.9 "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "Totalcmd" = Total Commander (Remove or Repair) "Tuned!" = Tuned! "UltSounds" = Windows-Soundschemas "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ "VLC media player" = VideoLAN VLC media player 0.8.4 "Winamp" = Winamp "WinAVI Video Converter 10.5_is1" = WinAVI Video Converter "WinAVI Video Converter_is1" = WinAVI Video Converter "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Youporn Video Downloader_is1" = Youporn Video Downloader 3.21 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1626218867-4192506386-2548142340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "EasyDownloads" = EasyDownloads - fastest downloads in two clicks! "InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = Flat Trader "Winamp Detect" = Winamp Erkennungs-Plug-in [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 06.01.2012 16:34:13 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error - 06.01.2012 16:34:13 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error - 06.01.2012 16:34:24 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error - 06.01.2012 16:34:24 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error - 06.01.2012 16:41:06 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error - 06.01.2012 16:41:06 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error - 06.01.2012 16:42:19 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error - 06.01.2012 16:42:19 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error - 06.01.2012 16:51:02 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Error - 06.01.2012 16:51:02 | Computer Name = Oliver-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. [ System Events ] Error - 02.01.2012 01:17:46 | Computer Name = Oliver-PC | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +86458 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123) funktionsfähig ist. Error - 02.01.2012 12:52:45 | Computer Name = Oliver-PC | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +86459 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123) funktionsfähig ist. Error - 03.01.2012 00:25:24 | Computer Name = Oliver-PC | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +86459 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123) funktionsfähig ist. Error - 03.01.2012 02:39:58 | Computer Name = Oliver-PC | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +86459 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123) funktionsfähig ist. Error - 03.01.2012 06:24:24 | Computer Name = Oliver-PC | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +86459 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123) funktionsfähig ist. Error - 04.01.2012 00:04:41 | Computer Name = Oliver-PC | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +86460 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123) funktionsfähig ist. Error - 04.01.2012 11:25:26 | Computer Name = Oliver-PC | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +86461 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123) funktionsfähig ist. Error - 05.01.2012 10:14:56 | Computer Name = Oliver-PC | Source = DCOM | ID = 10010 Description = Error - 06.01.2012 16:32:29 | Computer Name = Oliver-PC | Source = DCOM | ID = 10010 Description = Error - 06.01.2012 16:35:23 | Computer Name = Oliver-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
|
|
|
|
|
|
08.01.2012, 20:35
...neu hier
Themenstarter Beiträge: 4 |
#4
Nach einem Reset meiner Fritzbox geht soweit wieder alles (ging nicht sofort, hat ca. 1/2h gedauert) Vielleicht lag es daran. Für den Moment hat es sich erledigt - wenn das Problem wieder auftreten sollte, würde ich mich nochmals melden.
Vielen Dank. mr.mister |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Seit kurzem werden auf meinem Rechner diverse Internetseiten, zB. symantec.de, sowie auch andere Seiten, welche sich mit Anti-Virenprogrammen beschäftigen, und auch einige andere Seiten, zB.chip.de, geblockt. Bemerkt habe ich es zuerst auf der Amazon-Seite. Diese öffnet nur sehr langsam und dann ohne Grafiken/Bilder.
Mein Avira-Antivir findet keinen Virus.
Folgendes hab ich schon getan:
1.) Temp. Dateien beseitigt
2.)malwarebytes durchlaufen lassen - ohne negatives Ergebnis
3.) GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-06 23:42:43
Windows 6.0.6002 Service Pack 2 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HD502IJ rev.1AA01118
Running: sbnc1jxn.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\kxliapob.sys
---- System - GMER 1.0.15 ----
SSDT 9DEDD5AE ZwCreateSection
SSDT 9DEDD5B8 ZwRequestWaitReplyPort
SSDT 9DEDD5B3 ZwSetContextThread
SSDT 9DEDD5BD ZwSetSecurityObject
SSDT 9DEDD5C2 ZwSystemDebugControl
SSDT 9DEDD54F ZwTerminateProcess
INT 0x51 ? 84865BF8
INT 0x72 ? 86D88BF8
INT 0x82 ? 86D88BF8
INT 0x82 ? 86D88BF8
INT 0x82 ? 86D88BF8
INT 0x82 ? 86D88BF8
INT 0x92 ? 86D88BF8
INT 0xA2 ? 84866BF8
INT 0xA2 ? 84866BF8
INT 0xA2 ? 84866BF8
INT 0xA2 ? 84866BF8
INT 0xA2 ? 86D88BF8
INT 0xA2 ? 84866BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 828BF998 4 Bytes [AE, D5, ED, 9D] {SCASB ; AAD 0xed; POPF }
.text ntkrnlpa.exe!KeSetEvent + 539 828BFCBC 4 Bytes [B8, D5, ED, 9D]
.text ntkrnlpa.exe!KeSetEvent + 56D 828BFCF0 4 Bytes [B3, D5, ED, 9D] {MOV BL, 0xd5; IN EAX, DX; POPF }
.text ntkrnlpa.exe!KeSetEvent + 5D1 828BFD54 4 Bytes [BD, D5, ED, 9D]
.text ntkrnlpa.exe!KeSetEvent + 619 828BFD9C 4 Bytes [C2, D5, ED, 9D] {RET 0xedd5; POPF }
.text ...
? System32\Drivers\speg.sys Das System kann den angegebenen Pfad nicht finden. !
PAGE ataport.SYS!DllUnload 8869DB2E 5 Bytes JMP 848661D8
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DE0C000, 0x2DE45A, 0xE8000020]
.text USBPORT.SYS!DllUnload 889A341B 5 Bytes JMP 86D881D8
.text a07o5wm8.SYS 887B6000 22 Bytes [82, 43, BD, 82, 6C, 42, BD, ...]
.text a07o5wm8.SYS 887B6017 137 Bytes [00, 32, 47, FA, 82, 3D, 45, ...]
.text a07o5wm8.SYS 887B60A1 43 Bytes [C0, 8B, 82, 74, B6, 85, 82, ...]
.text a07o5wm8.SYS 887B60CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text a07o5wm8.SYS 887B60DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9E04F03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9E04F0AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9E04F0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9E04F130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9E04F137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82E9A6D6] \SystemRoot\System32\Drivers\speg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82E9A042] \SystemRoot\System32\Drivers\speg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82E9A800] \SystemRoot\System32\Drivers\speg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82E9A0C0] \SystemRoot\System32\Drivers\speg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82E9A13E] \SystemRoot\System32\Drivers\speg.sys
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortWritePortUchar] 83887DBF
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F887D90
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\a07o5wm8.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7400A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7403CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[420] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 856291F8
Device \FileSystem\fastfat \FatCdrom 87E0B500
Device \Driver\volmgr \Device\VolMgrControl 848681F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\usbuhci \Device\USBPDO-0 86E0D1F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\usbuhci \Device\USBPDO-1 86E0D1F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\usbuhci \Device\USBPDO-2 86E0D1F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\usbehci \Device\USBPDO-3 86DEF1F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\usbuhci \Device\USBPDO-4 86E0D1F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\PCI_PNP7387 \Device\00000062 speg.sys
Device \Driver\usbuhci \Device\USBPDO-5 86E0D1F8
Device \Driver\usbuhci \Device\USBPDO-6 86E0D1F8
Device \Driver\volmgr \Device\HarddiskVolume1 848681F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 86DEF1F8
Device \Driver\volmgr \Device\HarddiskVolume2 848681F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 86EB01F8
Device \Driver\volmgr \Device\HarddiskVolume3 848681F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 856271F8
Device \Driver\atapi \Device\Ide\IdePort0 856271F8
Device \Driver\atapi \Device\Ide\IdePort1 856271F8
Device \Driver\atapi \Device\Ide\IdePort2 856271F8
Device \Driver\atapi \Device\Ide\IdePort3 856271F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 856271F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5 856271F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-6 856271F8
Device \Driver\cdrom \Device\CdRom1 86EB01F8
Device \Driver\volmgr \Device\HarddiskVolume4 848681F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume5 848681F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume6 848681F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\000000a8 87C501F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\USBSTOR \Device\000000a9 87C501F8
Device \Driver\volmgr \Device\HarddiskVolume7 848681F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\netbt \Device\NetBt_Wins_Export 872431F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy11 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy12 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\netbt \Device\NetBT_Tcpip_{BEA7E917-AA65-41C8-B997-77100356B042} 872431F8
Device \Driver\sptd \Device\1885409399 speg.sys
Device \Driver\Smb \Device\NetbiosSmb 8729E1F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy13 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy20 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy14 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy21 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy15 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy22 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\iScsiPrt \Device\RaidPort0 86ED51F8
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy16 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy17 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy18 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy19 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\usbuhci \Device\USBFDO-0 86E0D1F8
Device \Driver\usbuhci \Device\USBFDO-1 86E0D1F8
Device \Driver\usbuhci \Device\USBFDO-2 86E0D1F8
Device \Driver\usbehci \Device\USBFDO-3 86DEF1F8
Device \Driver\usbuhci \Device\USBFDO-4 86E0D1F8
Device \Driver\usbuhci \Device\USBFDO-5 86E0D1F8
Device \Driver\usbuhci \Device\USBFDO-6 86E0D1F8
Device \Driver\usbehci \Device\USBFDO-7 86DEF1F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 856281F8
Device \Driver\a07o5wm8 \Device\Scsi\a07o5wm81Port6Path0Target0Lun0 86EAB1F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 856281F8
Device \Driver\a07o5wm8 \Device\Scsi\a07o5wm81 86EAB1F8
Device \FileSystem\fastfat \Fat 87E0B500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 87EF0500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0xF0 0x6F 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF7 0x39 0x66 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDE 0xD8 0x9E 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0xF0 0x6F 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF7 0x39 0x66 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDE 0xD8 0x9E 0xFE ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC9F0E17-DF2C-2024-93FC-FE478F6FE0F2}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC9F0E17-DF2C-2024-93FC-FE478F6FE0F2}@palpojogakigodkmnjjffbgoglbgiiif 0x61 0x62 0x69 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC9F0E17-DF2C-2024-93FC-FE478F6FE0F2}@panpgmpdfgiepnfalhkhkpkaggkbibab 0x61 0x62 0x69 0x6F ...
---- EOF - GMER 1.0.15 ----
5.) Hijackthis-Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:48:00, on 06.01.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BumpTop\BumpTop.exe
C:\Program Files\BumpTop\TexHelper.exe
C:\Program Files\BumpTop\TexHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Oliver\Desktop\Hijachthis\HJT.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8877 bytes
6.) Unnstall-Liste ist leer
Vielen Dank schon mal im Vorraus.