Avast finds Win32:Bolzano-W / temp file

#0
13.04.2012, 15:10
Member
Posts: 36

13.04.2012, 15:34
Member
Thread starter
Posts: 36
#2
The first message / popup read Win32:Bolzano-W. The log says Win32:Gremo. I have now re-scanned the file in the container and Avast reports: no virus found. I did not clean the file. No idea whether this addition matters. Explanation: false positive?

14.04.2012, 00:49
Moderator
Posts: 5694
#3
Welcome to the Protecus forum.

A cleanup can mean a lot of work for you.
• Please work through all steps in order.
• Read the instructions carefully. If there are problems, stop and describe them here as well as you can.
• Only run scans that a helper has asked you to run.
• No crossposting (posting in several forums).
• Do not install or uninstall any software during the cleanup unless you are asked to.
• Read the instructions all the way through first. If anything is unclear, ask before you begin.
• Post the logfiles directly in your thread. Do not attach them unless I ask you to; attachments make the evaluation harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools with a right-click and "Run as administrator".

Step 1
The OTL log looks very odd. Did you copy it here normally?

14.04.2012, 13:53
Member
Thread starter
Posts: 36
#4
Hello, and thanks for the quick reply. Yes, I copied it here normally, but I accidentally had a code tag in the "Custom Scans" field. Is that why it looks odd? A second scan is attached.
OTL logfile created on: 14.04.2012 13:39:51 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,24% Memory free
7,82 Gb Paging File | 6,46 Gb Available in Paging File | 82,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256,00 Gb Total Space | 220,42 Gb Free Space | 86,10% Space Free | Partition Type: NTFS
Drive D: | 340,18 Gb Total Space | 335,57 Gb Free Space | 98,65% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.04.13 14:34:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.10.17 16:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.06.22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.06.22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.11.10 20:43:58 | 000,906,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009.11.10 20:36:22 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

========== Modules (No Company Name) ==========
MOD - [2012.04.12 10:42:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012.04.12 10:42:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012.04.12 10:42:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012.02.23 12:21:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.23 12:20:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.23 12:20:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.23 12:20:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.23 12:20:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.02.21 16:37:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\056e417666352c7a702530d8a2770e30\IAStorCommon.ni.dll
MOD - [2012.01.13 16:33:27 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.10 18:39:32 | 001,332,576 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll

========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.30 16:56:34 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.22 12:14:30 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.06.22 11:18:40 | 001,191,656 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.04.06 16:50:56 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.10 20:37:02 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.03.26 00:33:38 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.03.26 00:33:33 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012.03.26 00:33:31 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV:64bit: - [2012.03.26 00:33:28 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 00:17:56 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2012.02.26 00:17:54 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.01.10 15:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.11.24 00:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.11.22 16:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.22 16:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.15 10:15:00 | 000,216,064 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0)
DRV:64bit: - [2011.09.15 10:14:58 | 000,100,352 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub) Renesas Electronics USB 3.0 Hub Driver (Version 3.0)
DRV:64bit: - [2011.09.13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.03.18 02:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.18 02:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.13 10:58:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2011.03.13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 11:01:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.03.07 11:01:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007.05.11 19:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV - [2012.03.22 12:14:28 | 000,163,480 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79E9E601-992D-46B5-BAE5-30C72ECAB790}
IE:64bit: - HKLM\..\SearchScopes\{79E9E601-992D-46B5-BAE5-30C72ECAB790}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {79E9E601-992D-46B5-BAE5-30C72ECAB790}
IE - HKLM\..\SearchScopes\{79E9E601-992D-46B5-BAE5-30C72ECAB790}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://syb.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF E2 43 5F F7 D1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.11 20:11:41 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4CE61E6-7C3F-47E9-A69F-9359700546CB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========
[2012.04.13 14:44:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.04.13 14:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.13 14:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.13 14:44:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.13 14:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.08 22:38:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Britannica 12.0
[2012.04.08 22:30:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2012.04.08 22:29:01 | 000,000,000 | -H-D | C] -- C:\Users\Admin\InstallAnywhere
[2012.04.02 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Opera
[2012.04.02 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Opera
[2012.04.02 16:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.03.30 17:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.03.28 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012.03.28 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012.03.28 17:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2012.03.28 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2012.03.26 02:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012.03.26 01:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012.03.26 01:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2012.03.26 00:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012.03.26 00:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2012.03.26 00:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation
[2012.03.26 00:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012.03.26 00:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012.03.26 00:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012.03.25 20:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.03.25 20:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.03.23 14:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.03.23 14:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.03.23 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.03.22 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.03.22 15:54:20 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012.03.21 18:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.21 18:04:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc
[2012.03.16 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========
[2012.04.14 13:40:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.14 13:39:44 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.14 13:39:44 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.14 13:37:04 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.14 13:37:04 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.14 13:37:04 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.14 13:37:04 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.14 13:37:04 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.14 13:32:43 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.14 13:32:32 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.14 13:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.14 13:32:24 | 3151,400,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.13 14:51:49 | 000,003,270 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.04.13 14:44:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.12 10:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.04.09 12:52:09 | 000,315,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.08 22:38:43 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\Deluxe Edition.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.02 16:30:22 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.28 18:06:43 | 000,000,948 | ---- | M] () -- C:\Users\Admin\Desktop\Core Temp.lnk
[2012.03.28 17:47:44 | 000,000,935 | ---- | M] () -- C:\Users\Admin\Desktop\SIW.lnk
[2012.03.26 01:13:08 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012.03.26 00:33:40 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image WDEdition.lnk
[2012.03.25 20:02:50 | 000,001,980 | ---- | M] () -- C:\Users\Admin\Desktop\CrystalDiskInfo.lnk
[2012.03.25 20:01:29 | 000,001,057 | ---- | M] () -- C:\Users\Admin\Desktop\Secunia PSI.lnk
[2012.03.23 14:33:49 | 000,001,102 | ---- | M] () -- C:\Users\Admin\Desktop\EVEREST Home Edition.lnk [2012.03.23 14:33:29 | 000,001,007 | ---- | M] () -- C:\Users\Admin\Desktop\SpeedFan.lnk [2012.03.23 14:33:28 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2012.03.22 15:54:20 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk [2012.03.21 18:25:46 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.03.18 23:59:52 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.04.13 14:44:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.04.08 22:38:43 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\Deluxe Edition.lnk [2012.04.02 16:30:22 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.04.02 16:30:22 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.03.30 16:54:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.03.28 18:06:43 | 000,000,948 | ---- | C] () -- C:\Users\Admin\Desktop\Core Temp.lnk [2012.03.28 17:47:44 | 000,000,935 | ---- | C] () -- C:\Users\Admin\Desktop\SIW.lnk [2012.03.28 16:30:49 | 000,315,968 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.26 01:13:08 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk [2012.03.26 00:33:40 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image WDEdition.lnk [2012.03.23 14:33:49 | 000,001,102 | ---- | C] () -- C:\Users\Admin\Desktop\EVEREST Home Edition.lnk [2012.03.23 14:33:29 | 000,001,007 | ---- | C] () -- C:\Users\Admin\Desktop\SpeedFan.lnk [2012.03.23 14:33:27 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012.03.22 15:54:20 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk 
[2012.03.16 18:05:34 | 000,001,057 | ---- | C] () -- C:\Users\Admin\Desktop\Secunia PSI.lnk [2012.02.29 22:58:32 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\quietHDD.ini [2012.02.23 13:01:11 | 000,003,270 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.02.10 11:34:56 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.10 11:34:55 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.10 11:34:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.10 11:34:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.10 11:34:53 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.01.13 15:27:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.13 14:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [color=#E56717]========== LOP Check ==========[/color] [2012.02.24 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GHISLER [2012.01.13 15:42:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InfraRecorder [2012.03.08 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LibreOffice [2012.04.02 16:30:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera [2012.04.11 13:45:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*. 
>[/color] [2012.03.16 16:01:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.13 14:32:14 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.02.22 21:07:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.02.21 16:33:06 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.28 18:06:42 | 000,000,000 | R--D | M] -- C:\Program Files [2012.04.13 14:44:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.04.13 14:44:43 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.02.22 21:07:04 | 000,000,000 | -HSD | M] -- C:\Programme [2012.02.22 21:07:05 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.02.24 15:18:30 | 000,000,000 | R--D | M] -- C:\Sandbox [2012.04.12 10:35:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.02.24 17:26:47 | 000,000,000 | ---D | M] -- C:\totalcmd [2012.03.16 16:01:04 | 000,000,000 | R--D | M] -- C:\Users [2012.04.13 14:51:49 | 000,000,000 | ---D | M] -- C:\Windows [color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color] [color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color] [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color] [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- 
C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe 
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] < End of report > Anhang: OTL.Txt
15.04.2012, 13:32
Moderator
Posts: 5694
#5
Is this a PC used for business?
15.04.2012, 18:51
Member
Thread starter Posts: 36
#6
No, private. "Relatively" new. Why? I hardly dare to ask, but does it look like a bad infection? I'm a complete layman, i.e. I can't "decipher" logs.
16.04.2012, 23:20
Moderator
Posts: 5694
#7
ComboFix may only be run if a qualified helper has explicitly recommended it!
It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from one of these download mirrors: BleepingComputer - ForoSpyware
* Important!! Save ComboFix to the desktop
• Disable your anti-virus and anti-spyware programs. Normally you can do this via a right-click on the system tray icon. Otherwise these programs might interfere with our tools while they work.
• Double-click ComboFix.exe and follow the instructions.
• ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections around today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
• Follow the instructions to let ComboFix download and install the Recovery Console, and accept the licence agreement (EULA) as soon as you are prompted.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.
Once the Recovery Console has been installed by ComboFix, you should see the following message:
Click "Yes" to continue with the malware scan.
When ComboFix is finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.
17.04.2012, 13:31
Member
Thread starter Posts: 36
#8
New info: Definition Update for Windows Defender - KB915579 (Definition 1.123.1936.0) failed. After that, a successful update. The same happened on the day of the virus alert mentioned above. I have now disabled Defender, or can the program be used alongside Avast? 5 seconds later Avast reports "C:\99f54790ebbeec425462\16C03A37-69EE-4BA6-9A64-03F4E3AE8101mpasdlta.vdm.new.temp [L] Win32:Bolzano-W (0)
Datei erfolgreich in Container verschoben"
Does this file possibly belong to Windows Defender? In an English-language forum I found a matching entry indicating that mpasdlta.vdm points to that, and so does the location of the folder.
Attachment: ComboFix.txt
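A triage helper for Avast detection lines of the kind quoted in this thread, written as an added example (not code from the thread, Avast or Microsoft): it parses the `<path> [L] <name> (<n>)` report format and applies the reasoning above, treating a `mpasdlta.vdm.new.temp` file under a hex-named folder at the drive root as a Windows Defender definition update in progress that warrants a vendor false-positive check rather than cleanup. The sibling definition file names (mpavdlta, mpasbase, mpavbase) and the contrast sample path are assumptions, not taken from the thread.

```python
"""Triage for Avast detection lines of the kind quoted in this thread.

Added example; not code from the thread, Avast or Microsoft.  The Avast
line format and the two Defender-related paths come from the posts above;
the sibling definition file names and the contrast sample are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Avast popup/log line as quoted in the thread: "<path> [L] <detection> (<n>)"
AVAST_LINE = re.compile(
    r"^(?P<path>.+?)\s+\[L\]\s+(?P<name>\S+)\s+\((?P<flags>\d+)\)\s*$"
)

# Windows Defender stages a definition update as
#   <drive>:\<random hex folder>\<GUID><definition name>.vdm.new.temp
# (folder and GUID shapes as in the thread; mpavdlta/mpasbase/mpavbase are
# the other Defender definition files, assumed here from general knowledge)
DEFENDER_DEF_TEMP = re.compile(
    r"^[a-z]:\\[0-9a-f]{20,32}\\"
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
    r"(?:mpasdlta|mpavdlta|mpasbase|mpavbase)\.vdm\.new\.temp$",
    re.IGNORECASE,
)


@dataclass
class Verdict:
    path: str
    detection: str
    likely_false_positive: bool
    reason: str


def parse_avast_line(line: str) -> Optional[Tuple[str, str, int]]:
    """Split one Avast report line into (path, detection name, flags), or None."""
    m = AVAST_LINE.match(line.strip())
    if m is None:
        return None
    return m.group("path"), m.group("name"), int(m.group("flags"))


def triage(line: str) -> Optional[Verdict]:
    """Classify one Avast line: Defender definition temp file -> suspected FP."""
    parsed = parse_avast_line(line)
    if parsed is None:
        return None
    path, name, _flags = parsed
    if DEFENDER_DEF_TEMP.match(path):
        return Verdict(path, name, True,
                       "Windows Defender definition-update temp file; "
                       "submit to the AV vendor as a suspected false positive "
                       "instead of cleaning")
    return Verdict(path, name, False,
                   "no known-benign pattern matched; investigate the file")


def triage_log(lines: List[str]) -> List[Verdict]:
    """Triage a whole log, skipping lines that are not detection reports."""
    return [v for v in (triage(line) for line in lines) if v is not None]


# Sample input (constructed here): the two lines quoted in the thread, the
# German Avast action line that follows a detection, and a contrast line
# with a made-up path under the user profile.
SAMPLE_LINES = [
    r"C:\4ee65ffc3dfa6f47c855cd1542af63\33643A15-6E92-4702-AB54-B0D77D2B58E9mpasdlta.vdm.new.temp [L] Win32:Bolzano-W (0)",
    r"Datei erfolgreich in Container verschoben",
    r"C:\99f54790ebbeec425462\16C03A37-69EE-4BA6-9A64-03F4E3AE8101mpasdlta.vdm.new.temp [L] Win32:Bolzano-W (0)",
    r"C:\Users\Admin\AppData\Local\Temp\constructed_sample.exe [L] Win32:Bolzano-W (0)",
]

if __name__ == "__main__":
    for v in triage_log(SAMPLE_LINES):
        tag = "SUSPECTED FP" if v.likely_false_positive else "INVESTIGATE "
        print(tag, v.detection, v.path, "-", v.reason)
```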
17.04.2012, 21:01
Moderator
Posts: 5694
#9
Yes, that looks like virus definitions... Did you run an AVG update at some point?
18.04.2012, 10:38
Member
Thread starter Posts: 36
#10
So I don't need to worry, and I don't need to reinstall the system either? Can I uninstall ComboFix again? Do you mean an Avast update? Yes, it still shows the second file from yesterday as Win32:Gremo. I have now submitted a suspected false positive to the virus lab. Can I really use Avast and Windows Defender together? I have read that this does not cause any conflicts.
19.04.2012, 02:19
Moderator
Posts: 5694
#11
Yes, you can do that without any problems, really. Then see what the lab says.
19.04.2012, 10:26
Member
Thread starter Posts: 36
#12
The lab says no virus. Thanks again for the quick support!
19.04.2012, 14:42
Moderator
Posts: 5694
After a long time I need your help once again. Thanks.
Avast reported a detection today.
C:\4ee65ffc3dfa6f47c855cd1542af63\33643A15-6E92-4702-AB54-B0D77D2B58E9mpasdlta.vdm.new.temp [L] Win32:Bolzano-W (0)
Datei erfolgreich in Container verschoben
Win 7 - 64-bit system. Yesterday I installed all updates via Secunia PSI. Standard user.
VirusTotal results
Then a full Avast scan: no virus found.
Malwarebytes QuickScan log file
OTL.txt
OTL logfile created on: 13.04.2012 14:53:57 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type =
NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format:
dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,47 Gb Available Physical Memory |
63,22% Memory free
7,82 Gb Paging File | 6,40 Gb Available in Paging File | 81,79% Paging
File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:
\Program Files (x86)
Drive C: | 256,00 Gb Total Space | 220,40 Gb Free Space | 86,09% Space
Free | Partition Type: NTFS
Drive D: | 340,18 Gb Total Space | 335,57 Gb Free Space | 98,65% Space
Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit
Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name
Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012.04.13 14:34:37 | 000,593,920 | ---- | M] (OldTimer Tools) --
C:\Users\PC\Desktop\OTL.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) --
C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) --
C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.24 15:02:30 | 001,294,904 | ---- | M] (Secunia) -- C:
\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation)
-- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology
\IAStorDataMgrSvc.exe
PRC - [2011.10.17 16:12:48 | 000,284,440 | ---- | M] (Intel Corporation)
-- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology
\IAStorIcon.exe
PRC - [2011.06.22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:
\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft
Corporation) -- C:\Windows\Microsoft.NET\Framework
\v4.0.30319\mscorsvw.exe
PRC - [2009.11.10 20:43:58 | 000,906,912 | ---- | M] (Acronis) -- C:
\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009.11.10 20:36:22 | 000,136,544 | ---- | M] (Seagate) -- C:
\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009.11.10 20:30:14 | 001,352,480 | ---- | M] (Seagate) -- C:
\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012.04.12 10:42:30 | 012,433,408 | ---- | M] () -- C:\Windows
\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012.04.12 10:42:24 | 001,590,784 | ---- | M] () -- C:\Windows
\assembly\NativeImages_v2.0.50727_32\System.Drawing
\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012.02.23 12:21:26 | 000,771,584 | ---- | M] () -- C:\Windows
\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#
\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.23 12:20:59 | 003,347,968 | ---- | M] () -- C:\Windows
\assembly\NativeImages_v2.0.50727_32\WindowsBase
\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.23 12:20:56 | 005,453,312 | ---- | M] () -- C:\Windows
\assembly\NativeImages_v2.0.50727_32\System.Xml
\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.23 12:20:54 | 000,971,264 | ---- | M] () -- C:\Windows
\assembly\NativeImages_v2.0.50727_32\System.Configuration
\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.23 12:20:53 | 007,967,232 | ---- | M] () -- C:\Windows
\assembly\NativeImages_v2.0.50727_32\System
\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012.02.21 16:37:01 | 000,014,336 | ---- | M] () -- C:\Windows
\assembly\NativeImages_v2.0.50727_32\IAStorCommon
\056e417666352c7a702530d8a2770e30\IAStorCommon.ni.dll
MOD - [2012.01.13 16:33:27 | 011,490,304 | ---- | M] () -- C:\Windows
\assembly\NativeImages_v2.0.50727_32\mscorlib
\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows
\assembly\GAC_MSIL\System.Runtime.Remoting.resources
\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows
\assembly\GAC_MSIL\mscorlib.resources
\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.10 18:39:32 | 001,332,576 | ---- | M] () -- C:\Program
Files (x86)\Seagate\DiscWizard\fox.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD)
[Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External
Events Utility)
SRV - [2012.03.30 16:56:34 | 000,253,600 | ---- | M] (Adobe Systems
Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed
\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.22 12:14:30 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D)
[Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software)
[Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe --
(avast! Antivirus)
SRV - [2012.02.24 15:02:30 | 001,294,904 | ---- | M] (Secunia) [Auto |
Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI
Agent)
SRV - [2012.02.24 15:02:28 | 000,656,440 | ---- | M] (Secunia) [Auto |
Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia
Update Agent)
SRV - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation)
[Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage
Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.06.22 11:18:40 | 001,191,656 | ---- | M] (Acronis) [Auto |
Running] -- C:\Program Files (x86)\Common Files\Acronis
\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.04.06 16:50:56 | 000,610,816 | ---- | M] (Sphinx Software)
[Auto | Running] -- C:\Programme\Windows7FirewallControl
\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft
Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh
\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.)
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows
Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft
Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework
\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.10 20:37:02 | 000,606,048 | ---- | M] (Seagate) [Auto |
Running] -- C:\Program Files (x86)\Common Files\Seagate
\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft
Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework
\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2012.03.26 00:33:38 | 000,971,360 | ---- | M]
(Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers
\timntr.sys -- (timounter)
DRV:64bit: - [2012.03.26 00:33:33 | 000,210,016 | ---- | M]
(Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers
\vididr.sys -- (vididr)
DRV:64bit: - [2012.03.26 00:33:31 | 000,141,920 | ---- | M]
(Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers
\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV:64bit: - [2012.03.26 00:33:28 | 000,275,552 | ---- | M]
(Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers
\snapman.sys -- (snapman)
DRV:64bit: - [2012.03.07 02:04:06 | 000,819,032 | ---- | M]
(AVAST Software) [File_System | System | Running] -- C:\Windows
\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 02:04:04 | 000,337,240 | ---- | M]
(AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative
\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 02:02:20 | 000,053,080 | ---- | M]
(AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative
\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 02:01:57 | 000,059,224 | ---- | M]
(AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative
\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 02:01:52 | 000,069,976 | ---- | M]
(AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative
\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 02:01:32 | 000,024,408 | ---- | M]
(AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative
\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M]
(Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows
\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 00:17:56 | 000,081,952 | ---- | M]
(Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative
\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2012.02.26 00:17:54 | 000,593,952 | ---- | M]
(Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers
\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.01.10 15:28:18 | 012,311,904 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows
\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M]
(Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative
\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.11.24 00:02:20 | 000,648,808 | ---- | M]
(Realtek ) [Kernel |
On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys --
(RTL8167)
DRV:64bit: - [2011.11.22 16:21:46 | 000,395,752 | ---- | M]
(ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows
\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.22 16:21:46 | 000,130,024 | ---- | M]
(ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows
\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M]
(Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative
\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.15 10:15:00 | 000,216,064 | ---- | M]
(Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc) Renesas
Electronics USB 3.0 Host Controller Driver (Version 3.0)
DRV:64bit: - [2011.09.15 10:14:58 | 000,100,352 | ---- | M]
(Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub) Renesas
Electronics USB 3.0 Hub Driver (Version 3.0)
DRV:64bit: - [2011.09.13 16:14:44 | 000,212,992 | ---- | M]
(Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 16:14:42 | 000,095,744 | ---- | M]
(Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.03.18 02:04:20 | 000,188,544 | ---- | M]
(Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.18 02:04:18 | 000,087,168 | ---- | M]
(Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.13 10:58:44 | 000,201,376 | ---- | M]
(Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative
\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.13 10:58:44 | 000,154,272 | ---- | M]
(Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative
\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.13 10:58:42 | 000,051,872 | ---- | M]
(Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2011.03.13 10:58:42 | 000,028,832 | ---- | M]
(Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative
\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M]
(Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M]
(Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows
\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 11:01:46 | 000,313,136 | ---- | M]
(Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.03.07 11:01:46 | 000,024,880 | ---- | M]
(Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M]
(Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.26 17:32:14 | 000,158,976 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI
Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD
Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative
\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M]
(Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M]
(Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M]
(Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M]
(Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M]
(Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:
\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 09:26:24 | 000,015,416 | ---- | M] ()
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers
\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007.05.11 19:01:10 | 000,070,424 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows
\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV - [2012.03.22 12:14:28 | 000,163,480 | ---- | M] (SANDBOXIE L.T.D)
[Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys --
(SbieDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft
Corporation) [File_System | On_Demand | Stopped] -- C:\Windows
\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {79E9E601-992D-
46B5-BAE5-30C72ECAB790}
IE:64bit: - HKLM\..\SearchScopes\{79E9E601-992D-46B5-BAE5-
30C72ECAB790}: "URL" = http://www.bing.com/search?q={searchTerms}
&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:
\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {79E9E601-992D-46B5-BAE5-
30C72ECAB790}
IE - HKLM\..\SearchScopes\{79E9E601-992D-46B5-BAE5-30C72ECAB790}: "URL"
= http://www.bing.com/search?q={searchTerms}
&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer
\Main,Default_Secondary_Page_URL = http://syb.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect
Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect
Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect
Cache_TIMESTAMP = FF E2 43 5F F7 D1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-
E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:
C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows
\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files
(x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files
(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins
\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins
\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google
Update;version=8: C:\Program Files (x86)\Google\Update
\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:
\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\
\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
[2012.03.11 20:11:41 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:
\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-
7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll
(AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-
4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-
A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll
(Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:
\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-
9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle
Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-
45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast
\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value
found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-
D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST
Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program
Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon
\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files
(x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative
\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative
\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative
\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek
\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program
Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme
\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files
(x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast
\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate
\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R)
Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis
\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie
\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files
(x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:
ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:
ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 []
- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 []
- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
(Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
(Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
(Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
(Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
(Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
(Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4CE61E6-
7C3F-47E9-A69F-9359700546CB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows
\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows
\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft
Corporation)
O20:64bit: - HKLM Winlogon: VMApplet -
(SystemPropertiesPerformance.exe) - C:\Windows\SysNative
\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not
found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows
\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows
\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -
C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-
00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No
CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:
\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows
\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java
(Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft
Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} -
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%
\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline
Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} -
DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet
Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft
Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet
Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing
Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft
Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site
Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address
Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} -
regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:
\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:
\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic
HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet
Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active
Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET
Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET
Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -
%SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:
\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:
\Windows\System32\rundll32.exe" "C:\Windows
\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows
Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%
\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%
\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%
\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows
Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer
Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows
Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n
/i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows
\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows
\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data
Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core
Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory
Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%
\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows
\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows
\SysWOW64\rundll32.exe" "C:\Windows
\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012.04.13 14:44:50 | 000,000,000 | ---D | C] -- C:\Users\Admin
\AppData\Roaming\Malwarebytes
[2012.04.13 14:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.13 14:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData
\Malwarebytes
[2012.04.13 14:44:42 | 000,024,904 | ---- | C] (Malwarebytes
Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.13 14:44:42 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\Malwarebytes' Anti-Malware
[2012.04.08 22:38:43 | 000,000,000 | ---D | C] -- C:\Users\Admin
\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Britannica 12.0
[2012.04.08 22:30:50 | 000,000,000 | -H-D | C] -- C:\Program Files
(x86)\Zero G Registry
[2012.04.08 22:29:01 | 000,000,000 | -H-D | C] -- C:\Users\Admin
\InstallAnywhere
[2012.04.02 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Admin
\AppData\Roaming\Opera
[2012.04.02 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Admin
\AppData\Local\Opera
[2012.04.02 16:30:19 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\Opera
[2012.03.30 17:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.03.28 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012.03.28 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Core
Temp
[2012.03.28 17:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\SIW
[2012.03.28 17:47:37 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\SIW
[2012.03.26 02:05:47 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\EASEUS
[2012.03.26 01:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012.03.26 01:13:06 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\Runtime Software
[2012.03.26 00:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012.03.26 00:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2012.03.26 00:33:51 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\Western Digital Corporation
[2012.03.26 00:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Acronis
[2012.03.26 00:33:17 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\Acronis
[2012.03.26 00:33:16 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\Common Files\Acronis
[2012.03.25 20:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.03.25 20:01:09 | 000,000,000 | ---D | C] -- C:\Program Files
\Recuva
[2012.03.23 14:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.03.23 14:33:44 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\Lavalys
[2012.03.23 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\SpeedFan
[2012.03.22 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\Public
\Documents\sun
[2012.03.22 15:54:20 | 000,000,000 | --SD | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012.03.21 18:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.21 18:04:19 | 000,000,000 | ---D | C] -- C:\Users\Admin
\AppData\Roaming\vlc
[2012.03.16 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\Admin
\AppData\Local\Microsoft Games
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012.04.13 14:51:49 | 000,003,270 | ---- | M] () -- C:\Windows
\Sandboxie.ini
[2012.04.13 14:44:44 | 000,001,109 | ---- | M] () -- C:\Users\Public
\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.13 14:40:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks
\GoogleUpdateTaskMachineUA.job
[2012.04.13 14:21:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks
\Adobe Flash Player Updater.job
[2012.04.13 13:59:15 | 000,031,840 | -H-- | M] () -- C:\Windows
\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-
439d-8115-601632D005A0
[2012.04.13 13:59:15 | 000,031,840 | -H-- | M] () -- C:\Windows
\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-
439d-8115-601632D005A0
[2012.04.13 13:56:29 | 001,612,484 | ---- | M] () -- C:\Windows
\SysNative\PerfStringBackup.INI
[2012.04.13 13:56:29 | 000,696,620 | ---- | M] () -- C:\Windows
\SysNative\perfh007.dat
[2012.04.13 13:56:29 | 000,651,938 | ---- | M] () -- C:\Windows
\SysNative\perfh009.dat
[2012.04.13 13:56:29 | 000,147,916 | ---- | M] () -- C:\Windows
\SysNative\perfc007.dat
[2012.04.13 13:56:29 | 000,120,870 | ---- | M] () -- C:\Windows
\SysNative\perfc009.dat
[2012.04.13 13:52:38 | 000,001,102 | ---- | M] () -- C:\Windows\tasks
\GoogleUpdateTaskMachineCore.job
[2012.04.13 13:52:01 | 000,067,584 | --S- | M] () -- C:\Windows
\bootstat.dat
[2012.04.13 13:52:00 | 3151,400,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.12 10:25:24 | 000,000,000 | ---- | M] () -- C:\Windows
\SysWow64\config.nt
[2012.04.09 12:52:09 | 000,315,968 | ---- | M] () -- C:\Windows
\SysNative\FNTCACHE.DAT
[2012.04.08 22:38:43 | 000,000,667 | ---- | M] () -- C:\Users\Public
\Desktop\Deluxe Edition.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes
Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.02 16:30:22 | 000,001,829 | ---- | M] () -- C:\Users\Public
\Desktop\Opera.lnk
[2012.03.28 18:06:43 | 000,000,948 | ---- | M] () -- C:\Users\Admin
\Desktop\Core Temp.lnk
[2012.03.28 17:47:44 | 000,000,935 | ---- | M] () -- C:\Users\Admin
\Desktop\SIW.lnk
[2012.03.26 01:13:08 | 000,001,988 | ---- | M] () -- C:\Users\Public
\Desktop\GetDataBack for FAT.lnk
[2012.03.26 00:33:40 | 000,001,149 | ---- | M] () -- C:\Users\Public
\Desktop\Acronis True Image WDEdition.lnk
[2012.03.25 20:02:50 | 000,001,980 | ---- | M] () -- C:\Users\Admin
\Desktop\CrystalDiskInfo.lnk
[2012.03.25 20:01:29 | 000,001,057 | ---- | M] () -- C:\Users\Admin
\Desktop\Secunia PSI.lnk
[2012.03.23 14:33:49 | 000,001,102 | ---- | M] () -- C:\Users\Admin
\Desktop\EVEREST Home Edition.lnk
[2012.03.23 14:33:29 | 000,001,007 | ---- | M] () -- C:\Users\Admin
\Desktop\SpeedFan.lnk
[2012.03.23 14:33:28 | 000,000,045 | ---- | M] () -- C:\Windows
\SysWow64\initdebug.nfo
[2012.03.22 15:54:20 | 000,001,110 | ---- | M] () -- C:\Users\Public
\Desktop\LibreOffice 3.5.lnk
[2012.03.21 18:25:46 | 000,001,066 | ---- | M] () -- C:\Users\Public
\Desktop\VLC media player.lnk
[2012.03.18 23:59:52 | 001,589,442 | ---- | M] () -- C:\Windows
\SysWow64\PerfStringBackup.INI
[2012.03.16 18:05:34 | 000,001,106 | ---- | M] () -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012.04.13 14:44:44 | 000,001,109 | ---- | C] () -- C:\Users\Public
\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.08 22:38:43 | 000,000,667 | ---- | C] () -- C:\Users\Public
\Desktop\Deluxe Edition.lnk
[2012.04.02 16:30:22 | 000,001,841 | ---- | C] () -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.04.02 16:30:22 | 000,001,829 | ---- | C] () -- C:\Users\Public
\Desktop\Opera.lnk
[2012.03.30 16:54:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks
\Adobe Flash Player Updater.job
[2012.03.28 18:06:43 | 000,000,948 | ---- | C] () -- C:\Users\Admin
\Desktop\Core Temp.lnk
[2012.03.28 17:47:44 | 000,000,935 | ---- | C] () -- C:\Users\Admin
\Desktop\SIW.lnk
[2012.03.28 16:30:49 | 000,315,968 | ---- | C] () -- C:\Windows
\SysNative\FNTCACHE.DAT
[2012.03.26 01:13:08 | 000,001,988 | ---- | C] () -- C:\Users\Public
\Desktop\GetDataBack for FAT.lnk
[2012.03.26 00:33:40 | 000,001,149 | ---- | C] () -- C:\Users\Public
\Desktop\Acronis True Image WDEdition.lnk
[2012.03.23 14:33:49 | 000,001,102 | ---- | C] () -- C:\Users\Admin
\Desktop\EVEREST Home Edition.lnk
[2012.03.23 14:33:29 | 000,001,007 | ---- | C] () -- C:\Users\Admin
\Desktop\SpeedFan.lnk
[2012.03.23 14:33:27 | 000,000,045 | ---- | C] () -- C:\Windows
\SysWow64\initdebug.nfo
[2012.03.22 15:54:20 | 000,001,110 | ---- | C] () -- C:\Users\Public
\Desktop\LibreOffice 3.5.lnk
[2012.03.16 18:05:34 | 000,001,106 | ---- | C] () -- C:\ProgramData
\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.03.16 18:05:34 | 000,001,057 | ---- | C] () -- C:\Users\Admin
\Desktop\Secunia PSI.lnk
[2012.02.29 22:58:32 | 000,000,126 | ---- | C] () -- C:\Windows
\SysWow64\quietHDD.ini
[2012.02.23 13:01:11 | 000,003,270 | ---- | C] () -- C:\Windows
\Sandboxie.ini
[2012.02.10 11:34:56 | 000,963,884 | ---- | C] () -- C:\Windows
\SysWow64\igkrng600.bin
[2012.02.10 11:34:55 | 000,221,264 | ---- | C] () -- C:\Windows
\SysWow64\igfcg600m.bin
[2012.02.10 11:34:54 | 000,145,804 | ---- | C] () -- C:\Windows
\SysWow64\igcompkrng600.bin
[2012.02.10 11:34:54 | 000,056,832 | ---- | C] () -- C:\Windows
\SysWow64\igdde32.dll
[2012.02.10 11:34:53 | 013,904,384 | ---- | C] () -- C:\Windows
\SysWow64\ig4icd32.dll
[2012.01.13 15:27:07 | 001,589,442 | ---- | C] () -- C:\Windows
\SysWow64\PerfStringBackup.INI
[2012.01.13 14:35:00 | 000,000,000 | ---- | C] () -- C:\Windows
\ativpsrm.bin
[color=#E56717]========== LOP Check ==========[/color]
[2012.02.24 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\Admin
\AppData\Roaming\GHISLER
[2012.01.13 15:42:04 | 000,000,000 | ---D | M] -- C:\Users\Admin
\AppData\Roaming\InfraRecorder
[2012.03.08 17:42:53 | 000,000,000 | ---D | M] -- C:\Users\Admin
\AppData\Roaming\LibreOffice
[2012.04.02 16:30:26 | 000,000,000 | ---D | M] -- C:\Users\Admin
\AppData\Roaming\Opera
[2012.04.11 13:45:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks
\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< Code >[/color]
[color=#A23BEC]< >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2012.03.16 16:01:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.13 14:32:14 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and
Settings
[2012.02.22 21:07:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und
Einstellungen
[2012.02.21 16:33:06 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.28 18:06:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.13 14:44:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.04.13 14:44:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.02.22 21:07:04 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.22 21:07:05 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.24 15:18:30 | 000,000,000 | R--D | M] -- C:\Sandbox
[2012.04.12 10:35:16 | 000,000,000 | -HSD | M] -- C:\System Volume
Information
[2012.02.24 17:26:47 | 000,000,000 | ---D | M] -- C:\totalcmd
[2012.03.16 16:01:04 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.13 14:51:49 | 000,000,000 | ---D | M] -- C:\Windows
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation)
MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs
\wow64_microsoft-windows-
explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d
\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs
\amd64_microsoft-windows-
explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba
\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation)
MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs
\amd64_microsoft-windows-
explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.
exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation)
MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs
\wow64_microsoft-windows-
explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb
\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs
\wow64_microsoft-windows-
explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.
exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation)
MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs
\amd64_microsoft-windows-
explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.
exe
[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation)
MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs
\amd64_microsoft-windows-registry-
editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation)
MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation)
MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation)
MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs
\wow64_microsoft-windows-registry-
editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs
\x86_microsoft-windows-
userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.
exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative
\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs
\amd64_microsoft-windows-
userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c
\userinit.exe
[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation)
MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation)
MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs
\amd64_microsoft-windows-
wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.ex
e
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation)
MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation)
MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs
\x86_microsoft-windows-
wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.ex
e
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] ()
MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files
(x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation)
MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative
\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation)
MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs
\amd64_microsoft-windows-
winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.
exe
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
[color=#A23BEC]< CREATERESTOREPOIN >[/color]
< End of report >
[/CODE]
Extra.txt
[CODE]
OTL Extras logfile created on: 13.04.2012 14:53:57 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 63,22% Memory free
7,82 Gb Paging File | 6,40 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256,00 Gb Total Space | 220,40 Gb Free Space | 86,09% Space Free | Partition Type: NTFS
Drive D: | 340,18 Gb Total Space | 335,57 Gb Free Space | 98,65% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{063C0043-E954-4850-9AA7-F9BC4E920D38}" = Adobe Flash Player 11 Plugin (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{421976B6-DEC6-4CA5-941F-F0663B3A2B74}" = Adobe Flash Player 11 ActiveX (x64)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.66 (64-bit)
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.1.13.71
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E8E4718-0702-4D33-B007-5E95849BAB3C}" = LibreOffice 3.5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WDEdition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = SeagateDiscWizard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.2.0a
"Deluxe Edition" = Deluxe Edition
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exif Tag Remover_is1" = Exif Tag Remover 2.0
"Foxit Reader_is1" = Foxit Reader 5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MozBackup" = MozBackup 1.5.1
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Opera 11.62.1347" = Opera 11.62
"Secunia PSI" = Secunia PSI (3.0.0.0004)
"SpeedFan" = SpeedFan (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 08.04.2012 09:23:16 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.04.2012 12:49:06 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.04.2012 16:27:58 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.04.2012 06:53:50 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.04.2012 09:08:51 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.04.2012 08:11:41 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.04.2012 07:47:27 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.04.2012 04:25:34 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.04.2012 04:43:20 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.04.2012 07:53:48 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 30.03.2012 10:56:01 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Secunia Update Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 30.03.2012 10:58:37 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Secunia Update Agent" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error - 30.03.2012 12:10:03 | Computer Name = Admin-PC | Source = BROWSER | ID = 8032
Description =
Error - 31.03.2012 09:36:02 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 31.03.2012 09:52:47 | Computer Name = Admin-PC | Source = BROWSER | ID = 8032
Description =
Error - 31.03.2012 12:50:16 | Computer Name = Admin-PC | Source = BROWSER | ID = 8032
Description =
Error - 01.04.2012 11:21:55 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 01.04.2012 11:38:43 | Computer Name = Admin-PC | Source = BROWSER | ID = 8032
Description =
Error - 02.04.2012 10:28:20 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 03.04.2012 07:01:46 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
< End of report >