| |
| |||||||
Log-Analyse und Auswertung: System Progressive Protection - EntfernungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
22.10.2012, 16:51
| #1 |
| |  System Progressive Protection - Entfernung Hallo Forum, heute morgen habe ich mich leider auch infiziert - Windows Vista 64 Bit. Aus den Informationen hier im Forum habe ich das Programm mit "rkill" gestoppt und mit "Malwarebytes" nach einem vollständigen Suchlauf die Funde gelöscht. Danach wie in einem Beitrag mit OTL einen Scan laufen lassen. Kann mir nun bitte jemand weiterhelfen anhand der Log's? Kann ich im Moment Internet und das Mailprogramm ohne Sorge nutzen, oder sollte ich lieber nix am/mit dem Rechner arbeiten? Herrjeh...alles passiert doch einmal im Leben - bisher kam ich ohne "Schäden" durch meine Computerwelt! Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.21.08 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Fips :: FIPS-PC [Administrator] Schutz: Aktiviert 22.10.2012 09:54:41 mbam-log-2012-10-22 (09-54-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 870797 Laufzeit: 3 Stunde(n), 47 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|5EE324A6B0F226EA00005EE2C5C82B2A (Trojan.FakeAlert.SSGen) -> Daten: C:\ProgramData\5EE324A6B0F226EA00005EE2C5C82B2A\5EE324A6B0F226EA00005EE2C5C82B2A.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Fips\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 3 C:\Users\Fips\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fips\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\5EE324A6B0F226EA00005EE2C5C82B2A\5EE324A6B0F226EA00005EE2C5C82B2A.exe (Trojan.FakeAlert.SSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL Extras logfile created on: 22.10.2012 17:23:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fips\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,78% Memory free
8,22 Gb Paging File | 5,90 Gb Available in Paging File | 71,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115,80 Gb Total Space | 54,66 Gb Free Space | 47,20% Space Free | Partition Type: NTFS
Drive D: | 349,96 Gb Total Space | 308,38 Gb Free Space | 88,12% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 623,07 Gb Free Space | 66,89% Space Free | Partition Type: NTFS
Computer Name: FIPS-PC | User Name: Fips | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 73 C0 2C CF CA D3 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0602D8DB-D24E-4424-A25E-861BDBE929F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0ACD5D57-4FBD-469A-AC6F-C8D20E5737C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13219579-7FC1-48F9-BA59-559CAD62D328}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27592B53-B850-417B-8100-850538DD7E1D}" = rport=138 | protocol=17 | dir=out | app=system |
"{284E42D1-4E4C-4058-95F4-A34C7A008392}" = rport=139 | protocol=6 | dir=out | app=system |
"{2A1A4D76-B48B-41A8-A53B-D3900C57BDEF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4B0DC77B-4A29-4882-B0AD-6AD29AE5DF71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5783E445-2731-4678-94BC-D79AE5B572FA}" = rport=445 | protocol=6 | dir=out | app=system |
"{5F58B54B-C8E3-4D5F-A0CE-EF39659A75CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{65CFEDD0-D707-445B-B325-42412C4E4AF4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6785ACB5-149F-454F-8B83-7F8E6E774B56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8890C7FA-B3AB-4C46-9790-BBA64BBC443B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{889A470A-00A2-4B59-B8EF-90ADDF734D37}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A13D6855-F584-408A-AD4C-4119C50BCDED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A308BB75-9428-48A8-BC3D-527FF0BC56D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{A51D7642-C583-4174-8090-240ADC2E71F9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B9F703E7-C31E-4576-A0E8-5FB839D4BE08}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBFCD9A6-FDAF-434D-982E-67D0D47EB881}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC87156B-A8A2-4315-BBC1-3408F1CD00EC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E9C84D45-026E-4408-A9E6-140C85A35103}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF1B3CFC-7D3B-41D5-808A-C687633BE88D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FA9E6AF3-9D66-4822-B882-428CA96639C3}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02927D87-9606-413D-9D89-3BFA5970D9FC}" = dir=in | app=e:\setup\hpznui40.exe |
"{03FC5E8C-650D-4BCF-BE46-A8AB0586AA3B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0A7C36AD-7DC5-45D8-B62B-B68FF3A1F5AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0BD70C00-51B7-4D6F-B904-5FFEEEB89249}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0CDDB682-434E-496A-B4C7-25268A3C9172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{0ED3A26F-722E-4AEE-B24A-4C7A07DA78BB}" = protocol=17 | dir=in | app=c:\program files (x86)\merian scout navimanager\msnavimanager.exe |
"{11D74483-05E4-44D4-8C09-209317CC6A50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{13EE4451-1C13-4D1F-91B8-F02A340BB92D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{1B798826-0F32-434A-BFFA-277D149F5696}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2104C697-6588-4B55-90D4-A5572D173C47}" = protocol=6 | dir=out | app=system |
"{27C08000-D4D5-44C3-B84C-32B79DC61654}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{2CAFE7DB-BCB2-4052-BDA5-A52E8F2644AE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{2D63A424-C4AA-498C-8125-C9BBDB4E1236}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3239836B-6D21-4242-A5AA-FF5CFB53795B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E1C2A9E-E24D-492B-905E-F2F4590F1843}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{48087F26-662C-4EC2-ADBD-AF7FC1CA39A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5099802C-BD8D-4D59-9737-F88EB703E2CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{61C66AF1-7871-4708-8FAA-A96F3E69A49B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{65346458-5C62-4951-AF8E-E7BE6DBAF7DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{671A5499-F39B-46EA-A587-80A6DC08259B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78D2BEA4-94DF-4FC3-A24B-D83D61F35358}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E811D33-56C6-42FC-8664-DF5F55BACF73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{85A9AB2C-E436-471D-8562-8AB68D90986F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88528527-52FE-4F6A-A2CA-4C05BB2DEBAE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8AD671FC-8FF0-44D0-A54F-F104C400D1EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B7E3457-7D42-4CBE-9C82-37EF54866E4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{8BE331E9-FB17-406B-87D4-D0F95306CB1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{8C06749F-C962-4663-B272-F950FF130F74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D145A5F-CDB8-45D0-8B35-C2E9AFF62950}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{91B341D4-2BA8-4FA7-AC7F-92CBD00E5FAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{979239E3-ABB1-4FD3-95C1-0285E772BF0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A1B3F30D-BAD6-4BAC-AD26-AC5E6893125B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A34CD938-4497-4013-8F17-20E4CBE393C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A4CEC94F-AF70-4216-B8E9-1C5D7DC8126C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{A8154700-583B-4945-86FC-B17D26EDC7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AE1F3CC7-4BA1-4E07-980C-22D52DAF3D9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8BE9306-DBFB-4D91-AFCC-93A9F138851B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDB53652-235A-4678-8C0B-6742D07B13DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8FC54D7-240B-4150-959C-75809D7EBD0B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{DA7F94BA-7DFD-4326-AF5F-A1A36637695E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DB78B78B-2605-4D9C-A2F2-10A6DB71B42C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E2AB0F81-248D-4DFE-9FAE-ABCCE4572BBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3AB3BBA-AB84-4875-AC18-22031660B106}" = protocol=6 | dir=in | app=c:\program files (x86)\merian scout navimanager\msnavimanager.exe |
"{F110F203-8E26-40F3-8802-D706BC1225D8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F1BE08B0-EFD6-47D0-95C5-68724932A6B1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F4B02003-AE28-42AE-8B24-50E0F8BF5702}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F54A13CE-CDCB-4D95-9D5F-6E1CC5907047}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F66B4903-AE6A-4997-965B-12DE6B49B831}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F85EC175-B392-4F21-AD63-73E43BA5B7FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD5EEBEC-F6AF-4C35-88BB-CEBEF6159401}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"TCP Query User{09BDD7C6-DC91-4605-9F1B-79159EFD06A1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{16F260EF-62A5-435C-BE55-AB507726DC15}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{6A42565D-6B59-4DA4-ADB0-8F660C24F228}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{D6B2B919-E140-4F3C-9796-FEDBFA6636AF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{3C2A04D8-1BDF-4B90-ACF5-A2C3DC8E8266}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{7726DB00-CEF2-4D95-B1DB-486343418B22}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{85F73F7D-1E97-46E3-ABBF-AD37AB602921}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{EC7D49BA-8202-4999-A206-782B893D7D7D}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
"CCleaner" = CCleaner
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DDDFDF2-4A92-4E77-959F-59D196B99C0C}" = C410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{47D80D13-607F-4F1D-A99B-C66BE2C0293F}" = DHL Bestellhelfer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28C077-9958-45F1-8BB4-CBF90A69AD4E}" = PC Connectivity Solution
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CCF8330-F742-411A-8A04-719806D168B5}" = Deutsche Post E-Porto
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}" = gs_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1D8B95-0A1E-4357-951E-424F87067EAF}" = MERIAN scout NAVIMANAGER
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AllemeinePassworte" = Alle meine Passworte 3.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Doro_is1" = Doro 1.55
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 1.4
"Free Studio_is1" = Free Studio version 5.3.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NAVIGON Sync" = NAVIGON Sync 2.0.0
"Nokia PC Suite" = Nokia PC Suite
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\)
"ST6UNST #3" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) #3
"ST6UNST #4" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) #4
"ST6UNST #5" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) #5
"TaskUnifier 2.3.1" = TaskUnifier 2.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.05.2012 00:37:17 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.05.2012 10:18:52 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.05.2012 03:07:34 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.05.2012 03:55:24 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.05.2012 00:44:44 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.05.2012 11:38:34 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.05.2012 00:32:28 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.05.2012 10:11:57 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.05.2012 00:29:20 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.05.2012 10:39:42 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 27.11.2011 04:54:35 | Computer Name = Fips-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.11.2011 06:02:55 | Computer Name = Fips-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.11.2011 06:03:24 | Computer Name = Fips-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 15.10.2012 05:09:44 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 18.10.2012 01:34:04 | Computer Name = Fips-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.4 für die Netzwerkkarte mit der Netzwerkadresse
002185CA661E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 18.10.2012 09:22:25 | Computer Name = Fips-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.2 für die Netzwerkkarte mit der Netzwerkadresse
002185CA661E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 19.10.2012 10:49:05 | Computer Name = Fips-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.2 für die Netzwerkkarte mit der Netzwerkadresse
002185CA661E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 20.10.2012 02:19:55 | Computer Name = Fips-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 22.10.2012 02:48:13 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 22.10.2012 02:52:34 | Computer Name = Fips-PC | Source = DCOM | ID = 10010
Description =
Error - 22.10.2012 03:06:10 | Computer Name = Fips-PC | Source = DCOM | ID = 10010
Description =
Error - 22.10.2012 09:35:48 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 22.10.2012 09:35:48 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 22.10.2012 17:23:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fips\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,78% Memory free 8,22 Gb Paging File | 5,90 Gb Available in Paging File | 71,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 115,80 Gb Total Space | 54,66 Gb Free Space | 47,20% Space Free | Partition Type: NTFS Drive D: | 349,96 Gb Total Space | 308,38 Gb Free Space | 88,12% Space Free | Partition Type: NTFS Drive K: | 931,51 Gb Total Space | 623,07 Gb Free Space | 66,89% Space Free | Partition Type: NTFS Computer Name: FIPS-PC | User Name: Fips | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fips\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Program Files (x86)\AmP\AmP.exe (Mirko Böer) PRC - C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe (CompSoft) PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.) PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\4710917e5f1bdbb49d9785f4eb0040c5\System.Data.SqlServerCe.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.trojaner-board.de/12524 [Binary data over 200 bytes] IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de/125241-...uft-wurde.html IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes,DefaultScope = {9DDBE413-E209-49BA-BFDD-099CC9CD11AB} IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{3FF1D4E7-5559-453C-A84D-69253E8D4DF9}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{862EBCFC-71B6-464D-9FF1-7D748F6DA130}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{8A1676D8-EC44-41EF-B676-24738A6C79F1}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{9DDBE413-E209-49BA-BFDD-099CC9CD11AB}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\SearchScopes\{E439B557-6000-49C1-A511-F514C3127B4D}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.12 12:20:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.02.13 00:03:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.12 12:20:17 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe (CompSoft) O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000..\Run: [Alle meine Passworte] C:\PROGRA~2\AMP\AMP.EXE (Mirko Böer) O4 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - HKU\S-1-5-21-1141863756-409699812-2697086131-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1141863756-409699812-2697086131-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1141863756-409699812-2697086131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\S-1-5-21-1141863756-409699812-2697086131-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present O8:64bit: - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files (x86)\DHL\DHL Bestellhelfer\fillFormContext.html () O8:64bit: - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files (x86)\DHL\DHL Bestellhelfer\assignContext.html () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files (x86)\DHL\DHL Bestellhelfer\fillFormContext.html () O8 - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files (x86)\DHL\DHL Bestellhelfer\assignContext.html () O8 - Extra context menu item: Free YouTube Download - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AC90B8C-4DE9-4117-8871-944ACAC840F1}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Fips\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Fips\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.04 13:08:14 | 000,000,183 | ---- | M] () - K:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.22 17:21:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fips\Desktop\OTL.exe [2012.10.22 09:51:33 | 000,000,000 | ---D | C] -- C:\Users\Fips\AppData\Roaming\Malwarebytes [2012.10.22 09:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.22 09:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.22 09:51:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.22 09:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.22 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Fips\Desktop\rkill [2012.10.22 09:42:13 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Fips\Desktop\rkill.com [2012.10.22 08:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\5EE324A6B0F226EA00005EE2C5C82B2A [2012.10.10 21:58:20 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 21:58:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.10 21:58:13 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 21:58:12 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.09 07:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons [2012.10.09 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck [2012.10.09 07:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH [2012.10.09 07:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck [2012.10.09 07:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb ========== Files - Modified Within 30 Days ========== [2012.10.22 17:21:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fips\Desktop\OTL.exe [2012.10.22 16:59:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 16:59:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 16:36:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.22 16:31:30 | 001,494,134 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.22 16:31:30 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.22 16:31:30 | 000,612,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.22 16:31:30 | 000,133,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.22 16:31:30 | 000,111,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.22 16:25:58 | 000,273,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.22 16:25:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.22 09:51:18 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.22 09:42:14 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Fips\Desktop\rkill.com [2012.10.21 09:25:43 | 000,052,563 | ---- | M] () -- C:\Users\Fips\Desktop\Kfm. Mitarbeiter Hänsel jobmorgen+MM 20.12.2012.pdf [2012.10.19 08:02:10 | 000,063,824 | ---- | M] () -- C:\Users\Fips\Desktop\SB Versicherung Hornbach stepstone 17.10.2012.pdf [2012.10.18 08:26:20 | 000,094,567 | ---- | M] () -- C:\Users\Fips\Desktop\Automobilkaufmann AH Henzel jobbörse 17.10.2012.pdf [2012.10.11 07:38:18 | 000,119,742 | ---- | M] () -- C:\Users\Fips\Desktop\Vertriebsassistentin Openmindz GmbH jobbörse 10.10.2012.pdf [2012.10.10 07:14:25 | 000,000,247 | ---- | M] () -- C:\Users\Fips\Desktop\Stellenangebote - Bilfinger SE.url [2012.10.09 08:36:22 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 08:36:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.06 09:29:38 | 000,000,261 | ---- | M] () -- C:\Users\Fips\Desktop\http--www.phoenixgroup.eu-DE-PHOENIXKarriere-stellen-Seiten-default.aspx.url [2012.10.06 09:15:08 | 000,000,160 | ---- | M] () -- C:\Users\Fips\Desktop\Stellenangebote mit Karrieremöglichkeiten - JOSEPH VÖGELE AG.url [2012.10.05 07:52:44 | 000,000,226 | ---- | M] () -- C:\Users\Fips\Desktop\Jobs in Mannheim, Stellenangebote Mannheim, Jobsuche StepStone.url [2012.10.03 09:29:21 | 000,000,237 | ---- | M] () -- C:\Users\Fips\Desktop\Jobs minol.url [2012.10.02 07:59:14 | 000,124,708 | ---- | M] () -- C:\Users\Fips\Desktop\Mitarbeiter Vertrieb Lindorff jobbörse 01.10.2012.pdf [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.28 07:44:52 | 000,123,894 | ---- | M] () -- C:\Users\Fips\Desktop\Kfm. Angestellte S+P Lion AG jobbörse 27.09.2012.pdf [2012.09.27 10:03:27 | 000,000,270 | ---- | M] () -- C:\Users\Fips\Desktop\Stellenausschreibungen der Stadt Mannheim Mannheim.de.url ========== Files Created - No Company Name ========== [2012.10.22 09:51:18 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.21 09:25:43 | 000,052,563 | ---- | C] () -- C:\Users\Fips\Desktop\Kfm. Mitarbeiter Hänsel jobmorgen+MM 20.12.2012.pdf [2012.10.19 08:02:08 | 000,063,824 | ---- | C] () -- C:\Users\Fips\Desktop\SB Versicherung Hornbach stepstone 17.10.2012.pdf [2012.10.18 08:26:19 | 000,094,567 | ---- | C] () -- C:\Users\Fips\Desktop\Automobilkaufmann AH Henzel jobbörse 17.10.2012.pdf [2012.10.11 07:38:17 | 000,119,742 | ---- | C] () -- C:\Users\Fips\Desktop\Vertriebsassistentin Openmindz GmbH jobbörse 10.10.2012.pdf [2012.10.10 07:14:25 | 000,000,247 | ---- | C] () -- C:\Users\Fips\Desktop\Stellenangebote - Bilfinger SE.url [2012.10.06 09:29:37 | 000,000,261 | ---- | C] () -- C:\Users\Fips\Desktop\http--www.phoenixgroup.eu-DE-PHOENIXKarriere-stellen-Seiten-default.aspx.url [2012.10.06 09:15:08 | 000,000,160 | ---- | C] () -- C:\Users\Fips\Desktop\Stellenangebote mit Karrieremöglichkeiten - JOSEPH VÖGELE AG.url [2012.10.05 07:52:44 | 000,000,226 | ---- | C] () -- C:\Users\Fips\Desktop\Jobs in Mannheim, Stellenangebote Mannheim, Jobsuche StepStone.url [2012.10.03 09:29:21 | 000,000,237 | ---- | C] () -- C:\Users\Fips\Desktop\Jobs minol.url [2012.10.02 07:59:12 | 000,124,708 | ---- | C] () -- C:\Users\Fips\Desktop\Mitarbeiter Vertrieb Lindorff jobbörse 01.10.2012.pdf [2012.09.28 07:44:51 | 000,123,894 | ---- | C] () -- C:\Users\Fips\Desktop\Kfm. Angestellte S+P Lion AG jobbörse 27.09.2012.pdf [2012.09.27 10:03:26 | 000,000,270 | ---- | C] () -- C:\Users\Fips\Desktop\Stellenausschreibungen der Stadt Mannheim Mannheim.de.url [2012.03.16 12:26:06 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.03.16 12:26:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.03.16 12:26:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.03.16 12:26:06 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.03.16 12:26:06 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.03.16 12:26:06 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.03.16 12:26:06 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.03.16 12:26:06 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.03.16 12:26:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.03.16 12:26:06 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.03.16 12:26:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.03.16 12:26:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.03.16 12:26:06 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.03.16 12:26:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.03.16 12:26:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.03.16 12:26:06 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.03.16 12:26:06 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.03.16 12:26:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.03.16 12:26:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.05.14 11:29:37 | 000,000,285 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.02.12 17:25:59 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp [2011.02.12 12:09:17 | 000,238,402 | ---- | C] () -- C:\Windows\hpoins52.dat [2010.10.30 14:23:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.05 09:55:22 | 000,000,105 | ---- | C] () -- C:\Users\Fips\AppData\Roaming\default.pls [2010.04.05 09:52:15 | 000,006,144 | ---- | C] () -- C:\Users\Fips\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.29 18:56:50 | 000,001,024 | ---- | C] () -- C:\Users\Fips\.rnd [2010.03.29 18:29:50 | 000,000,732 | ---- | C] () -- C:\Users\Fips\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-1141863756-409699812-2697086131-1000\$65aced6a2d514a264b6f91bbffc979bd\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-1141863756-409699812-2697086131-1000\$65aced6a2d514a264b6f91bbffc979bd\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
__________________ Danke + Grüsse - Sofima Geändert von Sofima (22.10.2012 um 17:09 Uhr) |
|
22.10.2012, 18:54
| #2 |
| /// TB-Ausbilder   | System Progressive Protection - Entfernung Servus,
__________________Schritt 1 Ich sehe, dass du sog. Registry Cleaner auf dem System hast. In deinem Fall CCleaner. Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Zerstörst Du die Registry, zerstörst Du Windows. Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten. Am Ende der Bereinigung empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst. Schritt 2 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung. Schritt 3 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 4 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
__________________ |
|
22.10.2012, 22:18
| #3 |
| | System Progressive Protection - Entfernung Vielen Dank für die flotte und ausführliche Antwort!
__________________Habe alles so durchgeführt. - CC Cleaner deinstalliert - Defogger lief ohne Fehlermeldung durch - aswMBR.exe Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-22 22:38:10
-----------------------------
22:38:10.656 OS Version: Windows x64 6.0.6002 Service Pack 2
22:38:10.657 Number of processors: 2 586 0x6B02
22:38:10.658 ComputerName: FIPS-PC UserName: Fips
22:38:11.601 Initialize success
22:38:36.833 AVAST engine defs: 12102200
22:39:08.505 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
22:39:08.510 Disk 0 Vendor: WDC_WD5000AAKS-00A7B2 01.03B01 Size: 476940MB BusType: 3
22:39:08.527 Disk 0 MBR read successfully
22:39:08.533 Disk 0 MBR scan
22:39:08.543 Disk 0 Windows VISTA default MBR code
22:39:08.551 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 118579 MB offset 2048
22:39:08.571 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 358358 MB offset 242851840
22:39:08.610 Disk 0 scanning C:\Windows\system32\drivers
22:39:19.582 Service scanning
22:39:45.401 Modules scanning
22:39:45.416 Disk 0 trace - called modules:
22:39:45.436 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:39:45.446 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a70790]
22:39:45.833 3 CLASSPNP.SYS[fffffa6000fd4c33] -> nt!IofCallDriver -> [0xfffffa80048ab9b0]
22:39:45.844 5 acpi.sys[fffffa600080ffde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80048a9940]
22:39:47.446 AVAST engine scan C:\Windows
22:39:49.792 AVAST engine scan C:\Windows\system32
22:44:27.059 AVAST engine scan C:\Windows\system32\drivers
22:44:46.050 AVAST engine scan C:\Users\Fips
23:05:32.167 AVAST engine scan C:\ProgramData
23:08:19.591 Scan finished successfully
23:08:37.029 Disk 0 MBR has been saved successfully to "C:\Users\Fips\Desktop\MBR.dat"
23:08:37.040 The log file has been saved successfully to "C:\Users\Fips\Desktop\aswMBR.txt"
Code:
ATTFilter 23:09:42.0506 4820 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
23:09:42.0713 4820 ============================================================
23:09:42.0713 4820 Current date / time: 2012/10/22 23:09:42.0713
23:09:42.0713 4820 SystemInfo:
23:09:42.0713 4820
23:09:42.0713 4820 OS Version: 6.0.6002 ServicePack: 2.0
23:09:42.0713 4820 Product type: Workstation
23:09:42.0714 4820 ComputerName: FIPS-PC
23:09:42.0714 4820 UserName: Fips
23:09:42.0714 4820 Windows directory: C:\Windows
23:09:42.0714 4820 System windows directory: C:\Windows
23:09:42.0714 4820 Running under WOW64
23:09:42.0714 4820 Processor architecture: Intel x64
23:09:42.0714 4820 Number of processors: 2
23:09:42.0714 4820 Page size: 0x1000
23:09:42.0714 4820 Boot type: Normal boot
23:09:42.0714 4820 ============================================================
23:09:43.0771 4820 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:09:43.0802 4820 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:09:50.0656 4820 ============================================================
23:09:50.0656 4820 \Device\Harddisk0\DR0:
23:09:50.0656 4820 MBR partitions:
23:09:50.0656 4820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE799800
23:09:50.0656 4820 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE79A000, BlocksNum 0x2BBEB000
23:09:50.0656 4820 \Device\Harddisk1\DR1:
23:09:50.0657 4820 MBR partitions:
23:09:50.0657 4820 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:09:50.0657 4820 ============================================================
23:09:50.0685 4820 C: <-> \Device\Harddisk0\DR0\Partition1
23:09:50.0711 4820 D: <-> \Device\Harddisk0\DR0\Partition2
23:09:50.0733 4820 K: <-> \Device\Harddisk1\DR1\Partition1
23:09:50.0734 4820 ============================================================
23:09:50.0734 4820 Initialize success
23:09:50.0734 4820 ============================================================
23:10:02.0561 4424 ============================================================
23:10:02.0562 4424 Scan started
23:10:02.0562 4424 Mode: Manual;
23:10:02.0562 4424 ============================================================
23:10:03.0385 4424 ================ Scan system memory ========================
23:10:03.0385 4424 System memory - ok
23:10:03.0386 4424 ================ Scan services =============================
23:10:03.0489 4424 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:10:03.0491 4424 ACDaemon - ok
23:10:03.0565 4424 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
23:10:03.0573 4424 ACPI - ok
23:10:03.0618 4424 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:10:03.0620 4424 AdobeARMservice - ok
23:10:03.0707 4424 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:10:03.0712 4424 AdobeFlashPlayerUpdateSvc - ok
23:10:03.0752 4424 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:10:03.0770 4424 adp94xx - ok
23:10:03.0797 4424 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:10:03.0815 4424 adpahci - ok
23:10:03.0842 4424 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:10:03.0846 4424 adpu160m - ok
23:10:03.0876 4424 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:10:03.0881 4424 adpu320 - ok
23:10:03.0917 4424 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:10:03.0919 4424 AeLookupSvc - ok
23:10:03.0965 4424 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
23:10:03.0983 4424 AFD - ok
23:10:04.0005 4424 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:10:04.0008 4424 agp440 - ok
23:10:04.0026 4424 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:10:04.0031 4424 aic78xx - ok
23:10:04.0061 4424 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
23:10:04.0064 4424 ALG - ok
23:10:04.0088 4424 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
23:10:04.0089 4424 aliide - ok
23:10:04.0105 4424 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
23:10:04.0107 4424 amdide - ok
23:10:04.0129 4424 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:10:04.0131 4424 AmdK8 - ok
23:10:04.0194 4424 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:10:04.0197 4424 AntiVirSchedulerService - ok
23:10:04.0223 4424 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:10:04.0226 4424 AntiVirService - ok
23:10:04.0247 4424 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
23:10:04.0249 4424 Appinfo - ok
23:10:04.0285 4424 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
23:10:04.0288 4424 arc - ok
23:10:04.0314 4424 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:10:04.0317 4424 arcsas - ok
23:10:04.0334 4424 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:10:04.0335 4424 AsyncMac - ok
23:10:04.0368 4424 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
23:10:04.0369 4424 atapi - ok
23:10:04.0408 4424 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:10:04.0425 4424 AudioEndpointBuilder - ok
23:10:04.0449 4424 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:10:04.0457 4424 AudioSrv - ok
23:10:04.0485 4424 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:10:04.0488 4424 avgntflt - ok
23:10:04.0519 4424 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:10:04.0523 4424 avipbb - ok
23:10:04.0543 4424 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:10:04.0544 4424 avkmgr - ok
23:10:04.0590 4424 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
23:10:04.0608 4424 BFE - ok
23:10:04.0647 4424 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\SysWOW64\bgsvcgen.exe
23:10:04.0650 4424 bgsvcgen - ok
23:10:04.0702 4424 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
23:10:04.0737 4424 BITS - ok
23:10:04.0757 4424 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
23:10:04.0759 4424 blbdrive - ok
23:10:04.0795 4424 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:10:04.0798 4424 bowser - ok
23:10:04.0821 4424 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
23:10:04.0823 4424 BrFiltLo - ok
23:10:04.0839 4424 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
23:10:04.0840 4424 BrFiltUp - ok
23:10:04.0860 4424 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
23:10:04.0863 4424 Browser - ok
23:10:04.0885 4424 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
23:10:04.0889 4424 Brserid - ok
23:10:04.0905 4424 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
23:10:04.0907 4424 BrSerWdm - ok
23:10:04.0927 4424 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
23:10:04.0928 4424 BrUsbMdm - ok
23:10:04.0946 4424 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
23:10:04.0947 4424 BrUsbSer - ok
23:10:04.0967 4424 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:10:04.0970 4424 BTHMODEM - ok
23:10:04.0997 4424 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:10:05.0000 4424 cdfs - ok
23:10:05.0033 4424 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:10:05.0035 4424 cdrom - ok
23:10:05.0070 4424 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
23:10:05.0073 4424 CertPropSvc - ok
23:10:05.0103 4424 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
23:10:05.0105 4424 circlass - ok
23:10:05.0148 4424 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
23:10:05.0163 4424 CLFS - ok
23:10:05.0226 4424 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:10:05.0229 4424 clr_optimization_v2.0.50727_32 - ok
23:10:05.0281 4424 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:10:05.0284 4424 clr_optimization_v2.0.50727_64 - ok
23:10:05.0324 4424 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:10:05.0328 4424 clr_optimization_v4.0.30319_32 - ok
23:10:05.0372 4424 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:10:05.0375 4424 clr_optimization_v4.0.30319_64 - ok
23:10:05.0393 4424 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:10:05.0395 4424 cmdide - ok
23:10:05.0413 4424 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:10:05.0415 4424 Compbatt - ok
23:10:05.0427 4424 COMSysApp - ok
23:10:05.0446 4424 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:10:05.0448 4424 crcdisk - ok
23:10:05.0489 4424 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:10:05.0492 4424 CryptSvc - ok
23:10:05.0564 4424 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
23:10:05.0591 4424 DcomLaunch - ok
23:10:05.0621 4424 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:10:05.0625 4424 DfsC - ok
23:10:05.0732 4424 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
23:10:05.0955 4424 DFSR - ok
23:10:06.0008 4424 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
23:10:06.0016 4424 Dhcp - ok
23:10:06.0045 4424 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
23:10:06.0048 4424 disk - ok
23:10:06.0081 4424 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:10:06.0086 4424 Dnscache - ok
23:10:06.0128 4424 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
23:10:06.0138 4424 dot3svc - ok
23:10:06.0178 4424 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
23:10:06.0182 4424 Dot4 - ok
23:10:06.0222 4424 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:10:06.0224 4424 Dot4Print - ok
23:10:06.0268 4424 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
23:10:06.0270 4424 dot4usb - ok
23:10:06.0297 4424 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
23:10:06.0301 4424 DPS - ok
23:10:06.0341 4424 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:10:06.0342 4424 drmkaud - ok
23:10:06.0394 4424 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:10:06.0407 4424 DXGKrnl - ok
23:10:06.0437 4424 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
23:10:06.0440 4424 E1G60 - ok
23:10:06.0469 4424 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
23:10:06.0472 4424 EapHost - ok
23:10:06.0491 4424 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
23:10:06.0494 4424 Ecache - ok
23:10:06.0552 4424 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:10:06.0570 4424 ehRecvr - ok
23:10:06.0592 4424 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
23:10:06.0597 4424 ehSched - ok
23:10:06.0620 4424 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
23:10:06.0621 4424 ehstart - ok
23:10:06.0646 4424 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:10:06.0661 4424 elxstor - ok
23:10:06.0704 4424 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:10:06.0720 4424 EMDMgmt - ok
23:10:06.0737 4424 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:10:06.0738 4424 ErrDev - ok
23:10:06.0799 4424 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
23:10:06.0816 4424 EventSystem - ok
23:10:06.0839 4424 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
23:10:06.0843 4424 exfat - ok
23:10:06.0881 4424 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:10:06.0895 4424 fastfat - ok
23:10:06.0918 4424 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:10:06.0920 4424 fdc - ok
23:10:06.0936 4424 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
23:10:06.0938 4424 fdPHost - ok
23:10:06.0955 4424 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
23:10:06.0957 4424 FDResPub - ok
23:10:06.0973 4424 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:10:06.0976 4424 FileInfo - ok
23:10:06.0995 4424 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:10:06.0997 4424 Filetrace - ok
23:10:07.0016 4424 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:10:07.0018 4424 flpydisk - ok
23:10:07.0047 4424 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:10:07.0052 4424 FltMgr - ok
23:10:07.0115 4424 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
23:10:07.0152 4424 FontCache - ok
23:10:07.0212 4424 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:10:07.0214 4424 FontCache3.0.0.0 - ok
23:10:07.0248 4424 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
23:10:07.0250 4424 fssfltr - ok
23:10:07.0320 4424 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:10:07.0356 4424 fsssvc - ok
23:10:07.0384 4424 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:10:07.0385 4424 Fs_Rec - ok
23:10:07.0414 4424 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:10:07.0426 4424 gagp30kx - ok
23:10:07.0467 4424 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
23:10:07.0494 4424 gpsvc - ok
23:10:07.0535 4424 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:10:07.0541 4424 HdAudAddService - ok
23:10:07.0591 4424 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:10:07.0605 4424 HDAudBus - ok
23:10:07.0629 4424 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:10:07.0636 4424 HidBth - ok
23:10:07.0654 4424 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
23:10:07.0655 4424 HidIr - ok
23:10:07.0677 4424 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
23:10:07.0679 4424 hidserv - ok
23:10:07.0702 4424 [ D02C82CB3A20F391C8AEFF94E8E0BAA1 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:10:07.0703 4424 HidUsb - ok
23:10:07.0730 4424 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
23:10:07.0734 4424 hkmsvc - ok
23:10:07.0759 4424 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:10:07.0761 4424 HpCISSs - ok
23:10:07.0855 4424 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:10:07.0861 4424 hpqcxs08 - ok
23:10:07.0898 4424 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:10:07.0902 4424 hpqddsvc - ok
23:10:07.0950 4424 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
23:10:07.0973 4424 HPSLPSVC - ok
23:10:08.0014 4424 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:10:08.0027 4424 HTTP - ok
23:10:08.0044 4424 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:10:08.0046 4424 i2omp - ok
23:10:08.0073 4424 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:10:08.0075 4424 i8042prt - ok
23:10:08.0107 4424 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:10:08.0117 4424 iaStorV - ok
23:10:08.0178 4424 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:10:08.0204 4424 idsvc - ok
23:10:08.0227 4424 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:10:08.0229 4424 iirsp - ok
23:10:08.0258 4424 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
23:10:08.0277 4424 IKEEXT - ok
23:10:08.0303 4424 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
23:10:08.0305 4424 intelide - ok
23:10:08.0326 4424 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:10:08.0328 4424 intelppm - ok
23:10:08.0351 4424 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:10:08.0356 4424 IPBusEnum - ok
23:10:08.0380 4424 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:10:08.0382 4424 IpFilterDriver - ok
23:10:08.0409 4424 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:10:08.0417 4424 iphlpsvc - ok
23:10:08.0429 4424 IpInIp - ok
23:10:08.0460 4424 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:10:08.0462 4424 IPMIDRV - ok
23:10:08.0478 4424 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:10:08.0481 4424 IPNAT - ok
23:10:08.0508 4424 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:10:08.0509 4424 IRENUM - ok
23:10:08.0532 4424 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:10:08.0533 4424 isapnp - ok
23:10:08.0567 4424 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:10:08.0572 4424 iScsiPrt - ok
23:10:08.0596 4424 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:10:08.0598 4424 iteatapi - ok
23:10:08.0619 4424 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:10:08.0621 4424 iteraid - ok
23:10:08.0647 4424 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:10:08.0649 4424 kbdclass - ok
23:10:08.0669 4424 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:10:08.0671 4424 kbdhid - ok
23:10:08.0703 4424 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
23:10:08.0706 4424 KeyIso - ok
23:10:08.0749 4424 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:10:08.0764 4424 KSecDD - ok
23:10:08.0786 4424 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:10:08.0788 4424 ksthunk - ok
23:10:08.0826 4424 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
23:10:08.0843 4424 KtmRm - ok
23:10:08.0874 4424 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:10:08.0883 4424 LanmanServer - ok
23:10:08.0931 4424 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:10:08.0940 4424 LanmanWorkstation - ok
23:10:08.0963 4424 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:10:08.0965 4424 lltdio - ok
23:10:08.0994 4424 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:10:09.0012 4424 lltdsvc - ok
23:10:09.0028 4424 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:10:09.0031 4424 lmhosts - ok
23:10:09.0060 4424 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:10:09.0063 4424 LSI_FC - ok
23:10:09.0082 4424 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:10:09.0085 4424 LSI_SAS - ok
23:10:09.0111 4424 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:10:09.0114 4424 LSI_SCSI - ok
23:10:09.0135 4424 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
23:10:09.0139 4424 luafv - ok
23:10:09.0175 4424 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:10:09.0177 4424 MBAMProtector - ok
23:10:09.0251 4424 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:10:09.0258 4424 MBAMScheduler - ok
23:10:09.0289 4424 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:10:09.0299 4424 MBAMService - ok
23:10:09.0333 4424 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:10:09.0337 4424 Mcx2Svc - ok
23:10:09.0357 4424 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
23:10:09.0359 4424 megasas - ok
23:10:09.0394 4424 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
23:10:09.0408 4424 MegaSR - ok
23:10:09.0432 4424 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
23:10:09.0436 4424 MMCSS - ok
23:10:09.0468 4424 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
23:10:09.0470 4424 Modem - ok
23:10:09.0501 4424 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:10:09.0502 4424 monitor - ok
23:10:09.0523 4424 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:10:09.0525 4424 mouclass - ok
23:10:09.0550 4424 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:10:09.0552 4424 mouhid - ok
23:10:09.0564 4424 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:10:09.0568 4424 MountMgr - ok
23:10:09.0592 4424 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
23:10:09.0595 4424 mpio - ok
23:10:09.0613 4424 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:10:09.0616 4424 mpsdrv - ok
23:10:09.0662 4424 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
23:10:09.0680 4424 MpsSvc - ok
23:10:09.0698 4424 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:10:09.0700 4424 Mraid35x - ok
23:10:09.0736 4424 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:10:09.0739 4424 MRxDAV - ok
23:10:09.0773 4424 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:10:09.0777 4424 mrxsmb - ok
23:10:09.0818 4424 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:10:09.0823 4424 mrxsmb10 - ok
23:10:09.0843 4424 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:10:09.0845 4424 mrxsmb20 - ok
23:10:09.0867 4424 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
23:10:09.0869 4424 msahci - ok
23:10:09.0893 4424 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:10:09.0896 4424 msdsm - ok
23:10:09.0932 4424 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
23:10:09.0937 4424 MSDTC - ok
23:10:09.0969 4424 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:10:09.0970 4424 Msfs - ok
23:10:09.0985 4424 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:10:09.0987 4424 msisadrv - ok
23:10:10.0014 4424 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:10:10.0020 4424 MSiSCSI - ok
23:10:10.0031 4424 msiserver - ok
23:10:10.0056 4424 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:10:10.0058 4424 MSKSSRV - ok
23:10:10.0084 4424 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:10:10.0086 4424 MSPCLOCK - ok
23:10:10.0105 4424 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:10:10.0106 4424 MSPQM - ok
23:10:10.0147 4424 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:10:10.0161 4424 MsRPC - ok
23:10:10.0180 4424 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:10:10.0182 4424 mssmbios - ok
23:10:10.0205 4424 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:10:10.0206 4424 MSTEE - ok
23:10:10.0225 4424 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
23:10:10.0229 4424 Mup - ok
23:10:10.0273 4424 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
23:10:10.0291 4424 napagent - ok
23:10:10.0325 4424 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:10:10.0329 4424 NativeWifiP - ok
23:10:10.0378 4424 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:10:10.0389 4424 NDIS - ok
23:10:10.0404 4424 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:10:10.0406 4424 NdisTapi - ok
23:10:10.0422 4424 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:10:10.0426 4424 Ndisuio - ok
23:10:10.0461 4424 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:10:10.0464 4424 NdisWan - ok
23:10:10.0479 4424 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:10:10.0482 4424 NDProxy - ok
23:10:10.0520 4424 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:10:10.0523 4424 Net Driver HPZ12 - ok
23:10:10.0554 4424 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:10:10.0556 4424 NetBIOS - ok
23:10:10.0591 4424 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:10:10.0595 4424 netbt - ok
23:10:10.0606 4424 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
23:10:10.0609 4424 Netlogon - ok
23:10:10.0640 4424 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
23:10:10.0658 4424 Netman - ok
23:10:10.0689 4424 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
23:10:10.0707 4424 netprofm - ok
23:10:10.0738 4424 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:10:10.0742 4424 NetTcpPortSharing - ok
23:10:10.0760 4424 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:10:10.0763 4424 nfrd960 - ok
23:10:10.0784 4424 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
23:10:10.0801 4424 NlaSvc - ok
23:10:10.0845 4424 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:10:10.0847 4424 Npfs - ok
23:10:10.0896 4424 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
23:10:10.0900 4424 nsi - ok
23:10:10.0921 4424 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:10:10.0924 4424 nsiproxy - ok
23:10:11.0000 4424 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:10:11.0024 4424 Ntfs - ok
23:10:11.0041 4424 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
23:10:11.0043 4424 Null - ok
23:10:11.0416 4424 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:10:11.0628 4424 nvlddmkm - ok
23:10:11.0659 4424 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:10:11.0662 4424 nvraid - ok
23:10:11.0683 4424 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:10:11.0686 4424 nvstor - ok
23:10:11.0755 4424 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:10:11.0794 4424 nvsvc - ok
23:10:11.0902 4424 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
23:10:11.0959 4424 nvUpdatusService - ok
23:10:11.0980 4424 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:10:11.0983 4424 nv_agp - ok
23:10:11.0995 4424 NwlnkFlt - ok
23:10:12.0009 4424 NwlnkFwd - ok
23:10:12.0081 4424 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:10:12.0099 4424 odserv - ok
23:10:12.0125 4424 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:10:12.0128 4424 ohci1394 - ok
23:10:12.0167 4424 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:10:12.0170 4424 ose - ok
23:10:12.0231 4424 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:10:12.0257 4424 p2pimsvc - ok
23:10:12.0293 4424 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
23:10:12.0308 4424 p2psvc - ok
23:10:12.0330 4424 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:10:12.0333 4424 Parport - ok
23:10:12.0359 4424 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:10:12.0361 4424 partmgr - ok
23:10:12.0389 4424 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
23:10:12.0394 4424 PcaSvc - ok
23:10:12.0431 4424 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
23:10:12.0433 4424 pccsmcfd - ok
23:10:12.0462 4424 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
23:10:12.0465 4424 pci - ok
23:10:12.0485 4424 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
23:10:12.0487 4424 pciide - ok
23:10:12.0534 4424 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:10:12.0539 4424 pcmcia - ok
23:10:12.0575 4424 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:10:12.0589 4424 PEAUTH - ok
23:10:12.0652 4424 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:10:12.0656 4424 PerfHost - ok
23:10:12.0730 4424 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
23:10:12.0765 4424 pla - ok
23:10:12.0807 4424 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:10:12.0824 4424 PlugPlay - ok
23:10:12.0853 4424 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:10:12.0856 4424 Pml Driver HPZ12 - ok
23:10:12.0898 4424 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:10:12.0912 4424 PNRPAutoReg - ok
23:10:12.0949 4424 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:10:12.0964 4424 PNRPsvc - ok
23:10:13.0004 4424 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:10:13.0022 4424 PolicyAgent - ok
23:10:13.0059 4424 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:10:13.0062 4424 PptpMiniport - ok
23:10:13.0078 4424 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
23:10:13.0080 4424 Processor - ok
23:10:13.0109 4424 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
23:10:13.0116 4424 ProfSvc - ok
23:10:13.0128 4424 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
23:10:13.0131 4424 ProtectedStorage - ok
23:10:13.0165 4424 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:10:13.0167 4424 PSched - ok
23:10:13.0216 4424 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:10:13.0240 4424 ql2300 - ok
23:10:13.0262 4424 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:10:13.0265 4424 ql40xx - ok
23:10:13.0292 4424 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
23:10:13.0313 4424 QWAVE - ok
23:10:13.0341 4424 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:10:13.0343 4424 QWAVEdrv - ok
23:10:13.0360 4424 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:10:13.0362 4424 RasAcd - ok
23:10:13.0390 4424 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
23:10:13.0396 4424 RasAuto - ok
23:10:13.0411 4424 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:10:13.0415 4424 Rasl2tp - ok
23:10:13.0443 4424 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
23:10:13.0460 4424 RasMan - ok
23:10:13.0489 4424 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:10:13.0492 4424 RasPppoe - ok
23:10:13.0537 4424 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:10:13.0539 4424 RasSstp - ok
23:10:13.0568 4424 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:10:13.0574 4424 rdbss - ok
23:10:13.0591 4424 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:10:13.0593 4424 RDPCDD - ok
23:10:13.0626 4424 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:10:13.0633 4424 rdpdr - ok
23:10:13.0644 4424 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:10:13.0646 4424 RDPENCDD - ok
23:10:13.0690 4424 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:10:13.0694 4424 RDPWD - ok
23:10:13.0725 4424 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:10:13.0729 4424 RemoteAccess - ok
23:10:13.0758 4424 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:10:13.0776 4424 RemoteRegistry - ok
23:10:13.0798 4424 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
23:10:13.0801 4424 RpcLocator - ok
23:10:13.0838 4424 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
23:10:13.0852 4424 RpcSs - ok
23:10:13.0866 4424 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:10:13.0871 4424 rspndr - ok
23:10:13.0910 4424 [ B263B3AEBCDE2210D1CC25756601B8EA ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
23:10:13.0924 4424 RTL8169 - ok
23:10:13.0945 4424 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
23:10:13.0948 4424 SamSs - ok
23:10:13.0971 4424 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:10:13.0974 4424 sbp2port - ok
23:10:14.0014 4424 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:10:14.0021 4424 SCardSvr - ok
23:10:14.0069 4424 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
23:10:14.0092 4424 Schedule - ok
23:10:14.0120 4424 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:10:14.0122 4424 SCPolicySvc - ok
23:10:14.0160 4424 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:10:14.0166 4424 SDRSVC - ok
23:10:14.0191 4424 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:10:14.0193 4424 secdrv - ok
23:10:14.0209 4424 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
23:10:14.0217 4424 seclogon - ok
23:10:14.0239 4424 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
23:10:14.0244 4424 SENS - ok
23:10:14.0274 4424 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:10:14.0276 4424 Serenum - ok
23:10:14.0291 4424 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:10:14.0294 4424 Serial - ok
23:10:14.0317 4424 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:10:14.0319 4424 sermouse - ok
23:10:14.0403 4424 [ 12B41D84A4D058ADC60853C365DBFCCA ] ServiceLayer C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
23:10:14.0421 4424 ServiceLayer - ok
23:10:14.0468 4424 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
23:10:14.0474 4424 SessionEnv - ok
23:10:14.0491 4424 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:10:14.0493 4424 sffdisk - ok
23:10:14.0519 4424 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:10:14.0522 4424 sffp_mmc - ok
23:10:14.0544 4424 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:10:14.0546 4424 sffp_sd - ok
23:10:14.0568 4424 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:10:14.0570 4424 sfloppy - ok
23:10:14.0601 4424 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:10:14.0619 4424 SharedAccess - ok
23:10:14.0656 4424 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:10:14.0673 4424 ShellHWDetection - ok
23:10:14.0697 4424 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:10:14.0699 4424 SiSRaid2 - ok
23:10:14.0718 4424 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:10:14.0724 4424 SiSRaid4 - ok
23:10:14.0756 4424 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:10:14.0760 4424 SkypeUpdate - ok
23:10:14.0850 4424 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
23:10:14.0907 4424 slsvc - ok
23:10:14.0926 4424 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:10:14.0931 4424 SLUINotify - ok
23:10:14.0959 4424 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:10:14.0963 4424 Smb - ok
23:10:15.0001 4424 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:10:15.0006 4424 SNMPTRAP - ok
23:10:15.0036 4424 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
23:10:15.0037 4424 spldr - ok
23:10:15.0068 4424 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
23:10:15.0083 4424 Spooler - ok
23:10:15.0127 4424 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
23:10:15.0142 4424 srv - ok
23:10:15.0178 4424 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:10:15.0182 4424 srv2 - ok
23:10:15.0212 4424 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:10:15.0216 4424 srvnet - ok
23:10:15.0243 4424 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:10:15.0249 4424 SSDPSRV - ok
23:10:15.0270 4424 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:10:15.0285 4424 SstpSvc - ok
23:10:15.0312 4424 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
23:10:15.0313 4424 StillCam - ok
23:10:15.0347 4424 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
23:10:15.0376 4424 stisvc - ok
23:10:15.0398 4424 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:10:15.0400 4424 swenum - ok
23:10:15.0443 4424 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
23:10:15.0462 4424 swprv - ok
23:10:15.0483 4424 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:10:15.0485 4424 Symc8xx - ok
23:10:15.0510 4424 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:10:15.0513 4424 Sym_hi - ok
23:10:15.0529 4424 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:10:15.0531 4424 Sym_u3 - ok
23:10:15.0585 4424 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
23:10:15.0608 4424 SysMain - ok
23:10:15.0636 4424 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:10:15.0641 4424 TabletInputService - ok
23:10:15.0675 4424 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:10:15.0693 4424 TapiSrv - ok
23:10:15.0709 4424 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
23:10:15.0714 4424 TBS - ok
23:10:15.0776 4424 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:10:15.0812 4424 Tcpip - ok
23:10:15.0858 4424 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:10:15.0878 4424 Tcpip6 - ok
23:10:15.0935 4424 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:10:15.0961 4424 tcpipreg - ok
23:10:15.0990 4424 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:10:15.0991 4424 TDPIPE - ok
23:10:16.0017 4424 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:10:16.0036 4424 TDTCP - ok
23:10:16.0067 4424 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:10:16.0069 4424 tdx - ok
23:10:16.0102 4424 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:10:16.0105 4424 TermDD - ok
23:10:16.0148 4424 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
23:10:16.0173 4424 TermService - ok
23:10:16.0198 4424 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
23:10:16.0206 4424 Themes - ok
23:10:16.0221 4424 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
23:10:16.0224 4424 THREADORDER - ok
23:10:16.0258 4424 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
23:10:16.0263 4424 TrkWks - ok
23:10:16.0293 4424 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:10:16.0294 4424 TrustedInstaller - ok
23:10:16.0325 4424 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:10:16.0327 4424 tssecsrv - ok
23:10:16.0354 4424 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:10:16.0356 4424 tunmp - ok
23:10:16.0385 4424 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:10:16.0389 4424 tunnel - ok
23:10:16.0415 4424 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:10:16.0418 4424 uagp35 - ok
23:10:16.0446 4424 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:10:16.0454 4424 udfs - ok
23:10:16.0479 4424 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:10:16.0489 4424 UI0Detect - ok
23:10:16.0515 4424 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:10:16.0518 4424 uliagpkx - ok
23:10:16.0544 4424 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:10:16.0551 4424 uliahci - ok
23:10:16.0578 4424 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:10:16.0582 4424 UlSata - ok
23:10:16.0609 4424 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:10:16.0613 4424 ulsata2 - ok
23:10:16.0635 4424 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:10:16.0637 4424 umbus - ok
23:10:16.0664 4424 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
23:10:16.0681 4424 upnphost - ok
23:10:16.0722 4424 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:10:16.0725 4424 usbccgp - ok
23:10:16.0749 4424 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:10:16.0751 4424 usbcir - ok
23:10:16.0779 4424 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:10:16.0781 4424 usbehci - ok
23:10:16.0813 4424 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:10:16.0819 4424 usbhub - ok
23:10:16.0851 4424 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:10:16.0853 4424 usbohci - ok
23:10:16.0883 4424 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:10:16.0885 4424 usbprint - ok
23:10:16.0912 4424 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:10:16.0914 4424 usbscan - ok
23:10:16.0934 4424 [ F7386007FB19E7685FC7B298560AA81F ] usbser C:\Windows\system32\DRIVERS\usbser.sys
23:10:16.0936 4424 usbser - ok
23:10:16.0957 4424 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:10:16.0960 4424 USBSTOR - ok
23:10:16.0977 4424 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:10:16.0979 4424 usbuhci - ok
23:10:17.0006 4424 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
23:10:17.0011 4424 UxSms - ok
23:10:17.0047 4424 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
23:10:17.0065 4424 vds - ok
23:10:17.0081 4424 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:10:17.0084 4424 vga - ok
23:10:17.0105 4424 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:10:17.0107 4424 VgaSave - ok
23:10:17.0125 4424 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
23:10:17.0127 4424 viaide - ok
23:10:17.0144 4424 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:10:17.0151 4424 volmgr - ok
23:10:17.0196 4424 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:10:17.0210 4424 volmgrx - ok
23:10:17.0242 4424 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:10:17.0248 4424 volsnap - ok
23:10:17.0282 4424 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:10:17.0286 4424 vsmraid - ok
23:10:17.0339 4424 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
23:10:17.0377 4424 VSS - ok
23:10:17.0419 4424 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
23:10:17.0437 4424 W32Time - ok
23:10:17.0457 4424 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:10:17.0459 4424 WacomPen - ok
23:10:17.0495 4424 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:10:17.0498 4424 Wanarp - ok
23:10:17.0515 4424 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:10:17.0518 4424 Wanarpv6 - ok
23:10:17.0553 4424 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:10:17.0578 4424 wcncsvc - ok
23:10:17.0609 4424 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:10:17.0614 4424 WcsPlugInService - ok
23:10:17.0624 4424 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
23:10:17.0630 4424 Wd - ok
23:10:17.0673 4424 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:10:17.0686 4424 Wdf01000 - ok
23:10:17.0704 4424 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:10:17.0710 4424 WdiServiceHost - ok
23:10:17.0722 4424 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:10:17.0727 4424 WdiSystemHost - ok
23:10:17.0751 4424 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
23:10:17.0769 4424 WebClient - ok
23:10:17.0806 4424 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:10:17.0824 4424 Wecsvc - ok
23:10:17.0845 4424 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:10:17.0850 4424 wercplsupport - ok
23:10:17.0867 4424 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
23:10:17.0874 4424 WerSvc - ok
23:10:17.0885 4424 WinDefend - ok
23:10:17.0903 4424 WinHttpAutoProxySvc - ok
23:10:17.0963 4424 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:10:17.0969 4424 Winmgmt - ok
23:10:18.0052 4424 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
23:10:18.0106 4424 WinRM - ok
23:10:18.0164 4424 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:10:18.0190 4424 Wlansvc - ok
23:10:18.0272 4424 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:10:18.0274 4424 wlcrasvc - ok
23:10:18.0366 4424 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:10:18.0414 4424 wlidsvc - ok
23:10:18.0452 4424 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:10:18.0454 4424 WmiAcpi - ok
23:10:18.0494 4424 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:10:18.0501 4424 wmiApSrv - ok
23:10:18.0525 4424 WMPNetworkSvc - ok
23:10:18.0558 4424 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:10:18.0575 4424 WPCSvc - ok
23:10:18.0605 4424 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:10:18.0611 4424 WPDBusEnum - ok
23:10:18.0637 4424 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:10:18.0640 4424 WpdUsb - ok
23:10:18.0714 4424 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:10:18.0740 4424 WPFFontCache_v0400 - ok
23:10:18.0759 4424 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:10:18.0761 4424 ws2ifsl - ok
23:10:18.0790 4424 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
23:10:18.0796 4424 wscsvc - ok
23:10:18.0806 4424 WSearch - ok
23:10:18.0904 4424 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:10:18.0967 4424 wuauserv - ok
23:10:18.0996 4424 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:10:18.0999 4424 WudfPf - ok
23:10:19.0042 4424 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:10:19.0046 4424 WUDFRd - ok
23:10:19.0066 4424 [ 3DCC7BF5AFA921B479E622BD999121F3 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:10:19.0071 4424 wudfsvc - ok
23:10:19.0086 4424 ================ Scan global ===============================
23:10:19.0116 4424 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
23:10:19.0153 4424 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
23:10:19.0184 4424 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
23:10:19.0218 4424 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
23:10:19.0227 4424 [Global] - ok
23:10:19.0228 4424 ================ Scan MBR ==================================
23:10:19.0248 4424 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:10:19.0889 4424 \Device\Harddisk0\DR0 - ok
23:10:19.0898 4424 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:10:19.0909 4424 \Device\Harddisk1\DR1 - ok
23:10:19.0910 4424 ================ Scan VBR ==================================
23:10:19.0917 4424 [ 74C891038368D253CB46590E96D75860 ] \Device\Harddisk0\DR0\Partition1
23:10:19.0923 4424 \Device\Harddisk0\DR0\Partition1 - ok
23:10:19.0943 4424 [ 30B22EBBA48DA224F3AD42C255671A69 ] \Device\Harddisk0\DR0\Partition2
23:10:19.0946 4424 \Device\Harddisk0\DR0\Partition2 - ok
23:10:19.0956 4424 [ C7569A15A255D69BCFF346593D94CEC1 ] \Device\Harddisk1\DR1\Partition1
23:10:19.0963 4424 \Device\Harddisk1\DR1\Partition1 - ok
23:10:19.0964 4424 ============================================================
23:10:19.0964 4424 Scan finished
23:10:19.0964 4424 ============================================================
23:10:19.0998 3336 Detected object count: 0
23:10:19.0998 3336 Actual detected object count: 0
23:11:15.0699 2032 Deinitialize success
Guten Morgen, nach dem Hochfahren heute morgen ist kein Internetzugriff mehr am PC möglich. Hat das mit der Bereinigung zu tun? Router und Modem funktionieren. Auch am Laptop geht die Netzwerkverbindung nicht mehr. Gott sei Dank konnte ich mir ein Laptop mit Internetzugang hier im Haus leihen und warte nun sehr gespannt auf weitere Anweisungen...
__________________ |
|
23.10.2012, 16:44
| #4 | |
| /// TB-Ausbilder | System Progressive Protection - Entfernung Servus, wegen Internetverbindung: liegt nicht an DeFogger, aswMBR oder TDSSKiller. Starte deinen Rechner nach dieser Anleitung im abgesicherten Modus mit Netzwerktreibern. Funktioniert dort das Internet? Wenn ja, ComboFix von dort laden und ausführen. Wenn nicht, verwende einen USB-Stick über einen anderen Rechner. Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ Das Trojaner-Board unterstützen |
|
23.10.2012, 17:37
| #5 |
| | System Progressive Protection - Entfernung Hallo, bin ganz glücklich, daß es mit der Bereinigung weitergeht und sage vorher schon DANKE! Ich bin im Moment sehr auf den PC angewiesen - auch auf einen Internetzugang - ich hoffe sehr, das es baldige Hoffnung gibt für mich?  Auch im abgesicherten Modus ist keine Internetverbindung da. Nicht identifiziertes Netzwerk + eingeschränkte Konnektivität - wie vorher. Aber das kann man vielleicht zum Schluß lösen bzw. ich den Router nochmal neu installieren und das Netzwerk neu einrichten? Per USB-Stick habe ich ComboFix im abgesicherten Modus ausgeführt. Hier das Logfile Code:
ATTFilter ComboFix 12-10-23.01 - Fips 23.10.2012 18:17:05.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.3423 [GMT 2:00]
ausgeführt von:: c:\users\Fips\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fips\AppData\Local\Microsoft\Windows\Temporary Internet Files\eportoZip
c:\users\Fips\AppData\Roaming\Microsoft\Windows\Recent\Aktion Mensch Los.url
K:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-23 bis 2012-10-23 ))))))))))))))))))))))))))))))
.
.
2012-10-23 16:22 . 2012-10-23 16:27 -------- d-----w- c:\users\Fips\AppData\Local\temp
2012-10-22 07:51 . 2012-10-22 07:51 -------- d-----w- c:\users\Fips\AppData\Roaming\Malwarebytes
2012-10-22 07:51 . 2012-10-22 07:51 -------- d-----w- c:\programdata\Malwarebytes
2012-10-22 07:51 . 2012-10-22 07:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-22 07:51 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-22 06:11 . 2012-10-22 13:26 -------- d-----w- c:\programdata\5EE324A6B0F226EA00005EE2C5C82B2A
2012-10-20 06:19 . 2012-10-17 00:31 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B10AFF38-89E9-4C8F-B5CA-EAE9CA45BC18}\mpengine.dll
2012-10-10 19:58 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 19:58 . 2012-09-13 13:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 19:58 . 2012-06-02 00:20 1268736 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 19:58 . 2012-06-02 00:02 985088 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 19:58 . 2012-06-02 00:20 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 19:58 . 2012-06-02 00:20 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 19:58 . 2012-06-02 00:02 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 19:58 . 2012-06-02 00:02 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 19:58 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 19:58 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 19:58 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 05:21 . 2012-10-09 05:21 -------- d-----w- c:\programdata\DesktopIcons
2012-10-09 05:21 . 2012-10-09 05:21 -------- d-----w- c:\program files\WEB.DE MailCheck
2012-10-09 05:21 . 2012-10-09 05:21 -------- d-----w- c:\programdata\1&1 Mail & Media GmbH
2012-10-09 05:21 . 2012-10-09 05:21 -------- d-----w- c:\program files (x86)\WEB.DE MailCheck
2012-10-09 05:20 . 2012-10-09 05:20 -------- d-----w- c:\programdata\UUdb
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:57 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-10-09 06:36 . 2012-04-02 05:36 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 06:36 . 2011-05-15 07:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 11:15 . 2012-09-22 06:51 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 06:51 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 06:52 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 06:52 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 06:52 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 06:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 06:52 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 06:52 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 06:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 06:51 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 06:52 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 06:51 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 06:52 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 06:52 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 06:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 06:52 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 06:52 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 06:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 06:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 06:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 06:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 06:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-29 11:59 . 2012-03-24 09:12 96768 ----a-w- c:\windows\system32\pdfcmon.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alle meine Passworte"="c:\progra~2\AMP\AMP.EXE" [2010-02-22 3676672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2010-02-10 143360]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-09-27 220744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2012-10-05 1459848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-3-16 172544]
TotalMedia Backup Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2010-4-4 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:36]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = http://www.trojaner-board.de/125241-...uft-wurde.html
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Felder mit Bestellhelfer ausfüllen - file://c:\program files (x86)\DHL\DHL Bestellhelfer\fillFormContext.html
IE: Felder mit Bestellhelfer merken - file://c:\program files (x86)\DHL\DHL Bestellhelfer\assignContext.html
IE: Free YouTube Download - c:\users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM_Wow6432Node-ActiveSetup-{5CCF8330-F742-411A-8A04-719806D168B5} - msiexec
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\AmP\AmP.exe
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-23 18:35:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-23 16:35
.
Vor Suchlauf: 8 Verzeichnis(se), 56.629.977.088 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 56.337.854.464 Bytes frei
.
- - End Of File - - 251A174C77A2A64B23A680F49E0B549F
 Von Einer, die sich vor lauter Spannung nicht vom Bildschirm wegtraut...
__________________ Danke + Grüsse - Sofima |
|
24.10.2012, 17:26
| #6 | |
| /// TB-Ausbilder | System Progressive Protection - Entfernung Servus, hast du diese Zeile in die CF Logdatei eingefügt?  Zitat:
__________________ --> System Progressive Protection - Entfernung |
|
24.10.2012, 17:38
| #7 |
| | System Progressive Protection - Entfernung Hallo, nein, ich habe nichts eingefügt. Kann es daher drin stehen, da ich diese Seite Eures Forums als Startseite in meinen IE hinterlegt habe? Sonst habe ich keine Erklärung... Soll ich die Startseite ändern und CF nochmal laufen lassen? Leider bist Du jetzt im Moment offline. Ich will gar nicht unverschämt sein und drängeln, aber kann ich im Moment mit gutem Gewissen am PC arbeiten; zumindest ins Internet und mailen? Wann bin ich wieder "befreit"? P.S. Internetzugang funktioniert wieder, nachdem ich Modem und Router aus- und wieder angestöpselt habe.
__________________ Danke + Grüsse - Sofima |
|
24.10.2012, 18:51
| #8 | ||||
| /// TB-Ausbilder | System Progressive Protection - Entfernung Servus, Zitat:
 Zitat:
 Zitat:
Sobald wir mit der Bereinigung fertig sind, sage ich es dir. Ich würde nur das Dringenste am PC in deiner Situation machen... evtl. hast du Zugriff auf einen anderen, sauberen Rechner... Zitat:
 Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter: BleepingComputer.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter Folder::
c:\programdata\5EE324A6B0F226EA00005EE2C5C82B2A
Wichtig:
__________________ Das Trojaner-Board unterstützen |
|
24.10.2012, 19:58
| #9 |
| | System Progressive Protection - Entfernung N'Abend! Sagte ich Dir schonmal Danke? Hier und jetzt 1000000000000000x Danke! Ich weiß es gibt schöneres im Leben als hier fremde User zu retten...also warte ich geduldig  Meinen Teil habe ich wie bestens von Dir erläutert abgearbeitet: Code:
ATTFilter ComboFix 12-10-24.02 - Fips 24.10.2012 20:29:23.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.1934 [GMT 2:00]
ausgeführt von:: c:\users\Fips\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Fips\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-24 bis 2012-10-24 ))))))))))))))))))))))))))))))
.
.
2012-10-24 18:41 . 2012-10-24 18:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-24 18:41 . 2012-10-24 18:41 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-10-24 18:41 . 2012-10-24 18:41 -------- d-----w- c:\users\Fips\AppData\Local\temp
2012-10-24 18:41 . 2012-10-24 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-24 11:01 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53928D68-9FC0-423E-968F-DDCB0B5315A8}\mpengine.dll
2012-10-22 07:51 . 2012-10-22 07:51 -------- d-----w- c:\users\Fips\AppData\Roaming\Malwarebytes
2012-10-22 07:51 . 2012-10-22 07:51 -------- d-----w- c:\programdata\Malwarebytes
2012-10-22 07:51 . 2012-10-22 07:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-22 07:51 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-22 06:11 . 2012-10-22 13:26 -------- d-----w- c:\programdata\5EE324A6B0F226EA00005EE2C5C82B2A
2012-10-10 19:58 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 19:58 . 2012-09-13 13:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 19:58 . 2012-06-02 00:20 1268736 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 19:58 . 2012-06-02 00:02 985088 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 19:58 . 2012-06-02 00:20 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 19:58 . 2012-06-02 00:20 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 19:58 . 2012-06-02 00:02 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 19:58 . 2012-06-02 00:02 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 19:58 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 19:58 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 19:58 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 05:21 . 2012-10-09 05:21 -------- d-----w- c:\programdata\DesktopIcons
2012-10-09 05:21 . 2012-10-09 05:21 -------- d-----w- c:\program files\WEB.DE MailCheck
2012-10-09 05:21 . 2012-10-09 05:21 -------- d-----w- c:\programdata\1&1 Mail & Media GmbH
2012-10-09 05:21 . 2012-10-09 05:21 -------- d-----w- c:\program files (x86)\WEB.DE MailCheck
2012-10-09 05:20 . 2012-10-09 05:20 -------- d-----w- c:\programdata\UUdb
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:57 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-10-09 06:36 . 2012-04-02 05:36 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 06:36 . 2011-05-15 07:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 11:15 . 2012-09-22 06:51 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 06:51 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 06:52 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 06:52 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 06:52 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 06:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 06:52 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 06:52 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 06:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 06:51 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 06:52 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 06:51 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 06:52 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 06:52 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 06:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 06:52 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 06:52 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 06:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 06:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 06:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 06:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 06:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-29 11:59 . 2012-03-24 09:12 96768 ----a-w- c:\windows\system32\pdfcmon.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alle meine Passworte"="c:\progra~2\AMP\AMP.EXE" [2010-02-22 3676672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2010-02-10 143360]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-09-27 220744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2012-10-05 1459848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-3-16 172544]
TotalMedia Backup Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2010-4-4 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:36]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gmx.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Felder mit Bestellhelfer ausfüllen - file://c:\program files (x86)\DHL\DHL Bestellhelfer\fillFormContext.html
IE: Felder mit Bestellhelfer merken - file://c:\program files (x86)\DHL\DHL Bestellhelfer\assignContext.html
IE: Free YouTube Download - c:\users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2012-10-24 20:45:18
ComboFix-quarantined-files.txt 2012-10-24 18:45
ComboFix2.txt 2012-10-23 16:35
.
Vor Suchlauf: 12 Verzeichnis(se), 56.546.725.888 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 56.515.141.632 Bytes frei
.
- - End Of File - - E3ECF7ADAA507FC883751469A20D6C0F
und "Servus"...
__________________ Danke + Grüsse - Sofima |
|
25.10.2012, 14:10
| #10 |
| /// TB-Ausbilder | System Progressive Protection - Entfernung Servus, Schritt 1
Code:
ATTFilter :files
c:\programdata\5EE324A6B0F226EA00005EE2C5C82B2A
:Commands
[emptytemp]
Schritt 2 Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. Wie läuft dein Rechner derzeit? Gibt es noch Probleme? Wenn ja, welche? Bitte poste mit deiner nächsten Antwort
__________________ Das Trojaner-Board unterstützen |
|
25.10.2012, 16:19
| #11 |
| | System Progressive Protection - Entfernung Hallo, na heute früh Feierabend?  1. Schritt: Code:
ATTFilter All processes killed
========== FILES ==========
c:\programdata\5EE324A6B0F226EA00005EE2C5C82B2A folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Fips
->Temp folder emptied: 7409 bytes
->Temporary Internet Files folder emptied: 356283147 bytes
->Java cache emptied: 2741023 bytes
->Flash cache emptied: 7110 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2163229 bytes
->Flash cache emptied: 434 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64930 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 345,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10252012_162227
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter OTL logfile created on: 25.10.2012 16:45:03 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fips\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,38% Memory free 8,19 Gb Paging File | 6,28 Gb Available in Paging File | 76,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 115,80 Gb Total Space | 52,72 Gb Free Space | 45,53% Space Free | Partition Type: NTFS Drive D: | 349,96 Gb Total Space | 308,37 Gb Free Space | 88,11% Space Free | Partition Type: NTFS Drive K: | 931,51 Gb Total Space | 535,97 Gb Free Space | 57,54% Space Free | Partition Type: NTFS Computer Name: FIPS-PC | User Name: Fips | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fips\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Program Files (x86)\AmP\AmP.exe (Mirko Böer) PRC - C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe (CompSoft) PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.) PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\4710917e5f1bdbb49d9785f4eb0040c5\System.Data.SqlServerCe.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {9DDBE413-E209-49BA-BFDD-099CC9CD11AB} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3FF1D4E7-5559-453C-A84D-69253E8D4DF9}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{862EBCFC-71B6-464D-9FF1-7D748F6DA130}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{8A1676D8-EC44-41EF-B676-24738A6C79F1}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{9DDBE413-E209-49BA-BFDD-099CC9CD11AB}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{E439B557-6000-49C1-A511-F514C3127B4D}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.12 12:20:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.02.13 00:03:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.12 12:20:17 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012.10.23 18:23:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe (CompSoft) O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKCU..\Run: [Alle meine Passworte] C:\PROGRA~2\AMP\AMP.EXE (Mirko Böer) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files (x86)\DHL\DHL Bestellhelfer\fillFormContext.html () O8:64bit: - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files (x86)\DHL\DHL Bestellhelfer\assignContext.html () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files (x86)\DHL\DHL Bestellhelfer\fillFormContext.html () O8 - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files (x86)\DHL\DHL Bestellhelfer\assignContext.html () O8 - Extra context menu item: Free YouTube Download - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fips\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AC90B8C-4DE9-4117-8871-944ACAC840F1}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.25 16:22:27 | 000,000,000 | ---D | C] -- C:\_OTL [2012.10.25 08:03:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.24 20:45:21 | 000,000,000 | ---D | C] -- C:\Users\Fips\AppData\Local\temp [2012.10.24 20:15:38 | 004,989,133 | R--- | C] (Swearware) -- C:\Users\Fips\Desktop\ComboFix.exe [2012.10.23 18:22:50 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.23 18:14:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.23 18:14:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.23 18:14:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.23 18:05:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.23 18:05:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.22 22:36:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fips\Desktop\aswMBR.exe [2012.10.22 22:29:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.10.22 22:02:50 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fips\Desktop\tdsskiller.exe [2012.10.22 17:21:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fips\Desktop\OTL.exe [2012.10.22 09:51:33 | 000,000,000 | ---D | C] -- C:\Users\Fips\AppData\Roaming\Malwarebytes [2012.10.22 09:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.22 09:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.22 09:51:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.22 09:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.10 21:58:20 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 21:58:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.10 21:58:13 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 21:58:12 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.09 07:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons [2012.10.09 07:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck [2012.10.09 07:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH [2012.10.09 07:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck [2012.10.09 07:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb ========== Files - Modified Within 30 Days ========== [2012.10.25 16:44:03 | 001,494,134 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.25 16:44:03 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.25 16:44:03 | 000,612,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.25 16:44:03 | 000,133,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.25 16:44:03 | 000,111,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.25 16:38:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.25 16:38:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.25 16:37:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.25 16:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.24 20:15:38 | 004,989,133 | R--- | M] (Swearware) -- C:\Users\Fips\Desktop\ComboFix.exe [2012.10.23 18:23:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.23 17:55:14 | 000,001,460 | ---- | M] () -- C:\Users\Fips\AppData\Local\d3d9caps64.dat [2012.10.22 23:08:37 | 000,000,512 | ---- | M] () -- C:\Users\Fips\Desktop\MBR.dat [2012.10.22 22:36:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fips\Desktop\aswMBR.exe [2012.10.22 22:29:14 | 656,293,193 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.22 22:17:58 | 000,000,000 | ---- | M] () -- C:\Users\Fips\defogger_reenable [2012.10.22 22:16:59 | 000,050,477 | ---- | M] () -- C:\Users\Fips\Desktop\Defogger.exe [2012.10.22 22:02:51 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fips\Desktop\tdsskiller.exe [2012.10.22 17:21:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fips\Desktop\OTL.exe [2012.10.22 16:25:58 | 000,273,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.22 09:51:18 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.09 08:36:22 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 08:36:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.10.24 12:55:06 | 000,000,136 | ---- | C] () -- C:\Users\Fips\Desktop\KRAMER Reinigung.url [2012.10.23 18:14:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.23 18:14:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.23 18:14:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.23 18:14:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.23 18:14:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.22 23:08:37 | 000,000,512 | ---- | C] () -- C:\Users\Fips\Desktop\MBR.dat [2012.10.22 22:29:14 | 656,293,193 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.10.22 22:17:58 | 000,000,000 | ---- | C] () -- C:\Users\Fips\defogger_reenable [2012.10.22 22:16:59 | 000,050,477 | ---- | C] () -- C:\Users\Fips\Desktop\Defogger.exe [2012.10.22 09:51:18 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.16 12:26:06 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.03.16 12:26:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.03.16 12:26:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.03.16 12:26:06 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.03.16 12:26:06 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.03.16 12:26:06 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.03.16 12:26:06 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.03.16 12:26:06 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.03.16 12:26:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.03.16 12:26:06 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.03.16 12:26:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.03.16 12:26:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.03.16 12:26:06 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.03.16 12:26:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.03.16 12:26:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.03.16 12:26:06 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.03.16 12:26:06 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.03.16 12:26:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.03.16 12:26:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.05.14 11:29:37 | 000,000,285 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.02.12 17:25:59 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp [2011.02.12 12:09:17 | 000,238,402 | ---- | C] () -- C:\Windows\hpoins52.dat [2010.10.30 14:23:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.05 09:55:22 | 000,000,105 | ---- | C] () -- C:\Users\Fips\AppData\Roaming\default.pls [2010.04.05 09:52:15 | 000,006,144 | ---- | C] () -- C:\Users\Fips\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.29 18:56:50 | 000,001,024 | ---- | C] () -- C:\Users\Fips\.rnd [2010.03.29 18:29:50 | 000,001,460 | ---- | C] () -- C:\Users\Fips\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.10.2012 16:45:03 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fips\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,38% Memory free
8,19 Gb Paging File | 6,28 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115,80 Gb Total Space | 52,72 Gb Free Space | 45,53% Space Free | Partition Type: NTFS
Drive D: | 349,96 Gb Total Space | 308,37 Gb Free Space | 88,11% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 535,97 Gb Free Space | 57,54% Space Free | Partition Type: NTFS
Computer Name: FIPS-PC | User Name: Fips | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 73 C0 2C CF CA D3 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0602D8DB-D24E-4424-A25E-861BDBE929F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0ACD5D57-4FBD-469A-AC6F-C8D20E5737C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13219579-7FC1-48F9-BA59-559CAD62D328}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27592B53-B850-417B-8100-850538DD7E1D}" = rport=138 | protocol=17 | dir=out | app=system |
"{284E42D1-4E4C-4058-95F4-A34C7A008392}" = rport=139 | protocol=6 | dir=out | app=system |
"{2A1A4D76-B48B-41A8-A53B-D3900C57BDEF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4B0DC77B-4A29-4882-B0AD-6AD29AE5DF71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5783E445-2731-4678-94BC-D79AE5B572FA}" = rport=445 | protocol=6 | dir=out | app=system |
"{5F58B54B-C8E3-4D5F-A0CE-EF39659A75CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{65CFEDD0-D707-445B-B325-42412C4E4AF4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6785ACB5-149F-454F-8B83-7F8E6E774B56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8890C7FA-B3AB-4C46-9790-BBA64BBC443B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{889A470A-00A2-4B59-B8EF-90ADDF734D37}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A13D6855-F584-408A-AD4C-4119C50BCDED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A308BB75-9428-48A8-BC3D-527FF0BC56D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{A51D7642-C583-4174-8090-240ADC2E71F9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B9F703E7-C31E-4576-A0E8-5FB839D4BE08}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBFCD9A6-FDAF-434D-982E-67D0D47EB881}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC87156B-A8A2-4315-BBC1-3408F1CD00EC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E9C84D45-026E-4408-A9E6-140C85A35103}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF1B3CFC-7D3B-41D5-808A-C687633BE88D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FA9E6AF3-9D66-4822-B882-428CA96639C3}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02927D87-9606-413D-9D89-3BFA5970D9FC}" = dir=in | app=e:\setup\hpznui40.exe |
"{03FC5E8C-650D-4BCF-BE46-A8AB0586AA3B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0A7C36AD-7DC5-45D8-B62B-B68FF3A1F5AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0BD70C00-51B7-4D6F-B904-5FFEEEB89249}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0CDDB682-434E-496A-B4C7-25268A3C9172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{0ED3A26F-722E-4AEE-B24A-4C7A07DA78BB}" = protocol=17 | dir=in | app=c:\program files (x86)\merian scout navimanager\msnavimanager.exe |
"{11D74483-05E4-44D4-8C09-209317CC6A50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{13EE4451-1C13-4D1F-91B8-F02A340BB92D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{1B798826-0F32-434A-BFFA-277D149F5696}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2104C697-6588-4B55-90D4-A5572D173C47}" = protocol=6 | dir=out | app=system |
"{27C08000-D4D5-44C3-B84C-32B79DC61654}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{2CAFE7DB-BCB2-4052-BDA5-A52E8F2644AE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{2D63A424-C4AA-498C-8125-C9BBDB4E1236}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3239836B-6D21-4242-A5AA-FF5CFB53795B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E1C2A9E-E24D-492B-905E-F2F4590F1843}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{48087F26-662C-4EC2-ADBD-AF7FC1CA39A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5099802C-BD8D-4D59-9737-F88EB703E2CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{61C66AF1-7871-4708-8FAA-A96F3E69A49B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{65346458-5C62-4951-AF8E-E7BE6DBAF7DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{671A5499-F39B-46EA-A587-80A6DC08259B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78D2BEA4-94DF-4FC3-A24B-D83D61F35358}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E811D33-56C6-42FC-8664-DF5F55BACF73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{85A9AB2C-E436-471D-8562-8AB68D90986F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88528527-52FE-4F6A-A2CA-4C05BB2DEBAE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8AD671FC-8FF0-44D0-A54F-F104C400D1EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B7E3457-7D42-4CBE-9C82-37EF54866E4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{8BE331E9-FB17-406B-87D4-D0F95306CB1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{8C06749F-C962-4663-B272-F950FF130F74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D145A5F-CDB8-45D0-8B35-C2E9AFF62950}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{91B341D4-2BA8-4FA7-AC7F-92CBD00E5FAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{979239E3-ABB1-4FD3-95C1-0285E772BF0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A1B3F30D-BAD6-4BAC-AD26-AC5E6893125B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A34CD938-4497-4013-8F17-20E4CBE393C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A4CEC94F-AF70-4216-B8E9-1C5D7DC8126C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{A8154700-583B-4945-86FC-B17D26EDC7A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AE1F3CC7-4BA1-4E07-980C-22D52DAF3D9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8BE9306-DBFB-4D91-AFCC-93A9F138851B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDB53652-235A-4678-8C0B-6742D07B13DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8FC54D7-240B-4150-959C-75809D7EBD0B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{DA7F94BA-7DFD-4326-AF5F-A1A36637695E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DB78B78B-2605-4D9C-A2F2-10A6DB71B42C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E2AB0F81-248D-4DFE-9FAE-ABCCE4572BBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3AB3BBA-AB84-4875-AC18-22031660B106}" = protocol=6 | dir=in | app=c:\program files (x86)\merian scout navimanager\msnavimanager.exe |
"{F110F203-8E26-40F3-8802-D706BC1225D8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F1BE08B0-EFD6-47D0-95C5-68724932A6B1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F4B02003-AE28-42AE-8B24-50E0F8BF5702}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F54A13CE-CDCB-4D95-9D5F-6E1CC5907047}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F66B4903-AE6A-4997-965B-12DE6B49B831}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F85EC175-B392-4F21-AD63-73E43BA5B7FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD5EEBEC-F6AF-4C35-88BB-CEBEF6159401}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"TCP Query User{09BDD7C6-DC91-4605-9F1B-79159EFD06A1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{16F260EF-62A5-435C-BE55-AB507726DC15}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{6A42565D-6B59-4DA4-ADB0-8F660C24F228}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{D6B2B919-E140-4F3C-9796-FEDBFA6636AF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{3C2A04D8-1BDF-4B90-ACF5-A2C3DC8E8266}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{7726DB00-CEF2-4D95-B1DB-486343418B22}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{85F73F7D-1E97-46E3-ABBF-AD37AB602921}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{EC7D49BA-8202-4999-A206-782B893D7D7D}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DDDFDF2-4A92-4E77-959F-59D196B99C0C}" = C410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{47D80D13-607F-4F1D-A99B-C66BE2C0293F}" = DHL Bestellhelfer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28C077-9958-45F1-8BB4-CBF90A69AD4E}" = PC Connectivity Solution
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5CCF8330-F742-411A-8A04-719806D168B5}" = Deutsche Post E-Porto
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}" = gs_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1D8B95-0A1E-4357-951E-424F87067EAF}" = MERIAN scout NAVIMANAGER
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AllemeinePassworte" = Alle meine Passworte 3.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Doro_is1" = Doro 1.55
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 1.4
"Free Studio_is1" = Free Studio version 5.3.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NAVIGON Sync" = NAVIGON Sync 2.0.0
"Nokia PC Suite" = Nokia PC Suite
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\)
"ST6UNST #3" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) #3
"ST6UNST #4" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) #4
"ST6UNST #5" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) #5
"TaskUnifier 2.3.1" = TaskUnifier 2.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.05.2012 00:37:17 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.05.2012 10:18:52 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.05.2012 03:07:34 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.05.2012 03:55:24 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.05.2012 00:44:44 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.05.2012 11:38:34 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.05.2012 00:32:28 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.05.2012 10:11:57 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.05.2012 00:29:20 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.05.2012 10:39:42 | Computer Name = Fips-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 27.11.2011 04:54:35 | Computer Name = Fips-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.11.2011 06:02:55 | Computer Name = Fips-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.11.2011 06:03:24 | Computer Name = Fips-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 23.10.2012 12:23:39 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 23.10.2012 12:26:24 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 24.10.2012 05:28:51 | Computer Name = Fips-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 46.223.109.38 für die Netzwerkkarte mit der Netzwerkadresse
002185CA661E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 24.10.2012 07:02:31 | Computer Name = Fips-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 24.10.2012 14:25:07 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 24.10.2012 14:25:07 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 24.10.2012 14:35:09 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 24.10.2012 14:41:22 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 25.10.2012 02:01:47 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 25.10.2012 10:39:32 | Computer Name = Fips-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Mein Rechner läuft soweit gut - keine Probleme sonst; aber ich arbeite ja auch kaum daran. Ich kann so nix feststellen. So, wie sieht's für Dich aus?...gibt es Hoffnung für meine Kiste? oder  DANKEEEEEEE für Deine Unterstützung!
__________________ Danke + Grüsse - Sofima |
|
25.10.2012, 16:25
| #12 |
| /// TB-Ausbilder | System Progressive Protection - Entfernung Servus, ja, sieht gut aus für deinen Rechner. Wir habens bald geschafft. Schritt 1
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte SecurityCheck
Bitte poste mit deiner nächsten Antwort
__________________ Das Trojaner-Board unterstützen |
|
26.10.2012, 05:35
| #13 |
| | System Progressive Protection - Entfernung Guten Morgen, Puuuuh.....das war ja ne Aufgabe...Eset lief fast 11 Stunden... 1. Schritt Malware Scan war ohne Funde - war also nix zu entfernen Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.25.05 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Fips :: FIPS-PC [Administrator] Schutz: Aktiviert 25.10.2012 17:53:02 mbam-log-2012-10-25 (17-53-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 241813 Laufzeit: 3 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Der Mammut-Scan  Ein altes Setup vom PDF-Drucker ein Fund?Code:
ATTFilter D:\Programme\PDF Drucker\PDFCreator\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application
K:\Sicherung\Sicherung PC\23.10.2012 alle LWe\D\Programme\PDF Drucker\PDFCreator\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application
K:\Sicherung\Sicherung PC\Wöchentlich Vollständig\D\Programme\PDF Drucker\PDFCreator\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application
K:\Sicherung\Sicherung PC\Wöchentlich Vollständig1\D\Programme\PDF Drucker\PDFCreator\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application
K:\Sicherung\Sicherung PC\Wöchentlich Vollständig13\D\Programme\PDF Drucker\PDFCreator\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application
K:\Sicherung\Sicherung PC\Wöchentlich Vollständig14\D\Programme\PDF Drucker\PDFCreator\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application
Code:
ATTFilter Results of screen317's Security Check version 0.99.53 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 Java(TM) 6 Update 26 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! Adobe Reader X (10.1.4) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Angenehmen Arbeitstag!
__________________ Danke + Grüsse - Sofima |
|
26.10.2012, 16:52
| #14 |
| /// TB-Ausbilder | System Progressive Protection - Entfernung Servus, Lösche die folgende Datei per Hand: D:\Programme\PDF Drucker\PDFCreator\PDFCreator-1_2_3_setup.exe Dieselbe Datei bitte auch von allen Sicherungen entfernen. Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Schritt 2 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Programme deinstallieren--> Adobe Reader und lade dir die neue Version von Hier herunter- Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome. Schritt 3 Starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 4 Ich würde dir empfehlen, 1 mal pro Woche auch mit diesem Scanner dein System zu prüfen. Möchtest Du ESET denoch deinstallieren, Drücke bitte die  + R Taste und kopiere folgenden Text in das Ausführen Fenster.Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Schritt 5 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall
 Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 6
Schritt 7 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich diesen Thread aus meinen Abos löschen kann.
__________________ Das Trojaner-Board unterstützen |
|
28.10.2012, 07:37
| #15 |
| | System Progressive Protection - Entfernung Guten Morgen, ui...da hatte ich ja zu tun! Habe alles soweit abgearbeitet und etwas für mehr Sicherheit meines PC's auch. Danke für die Hinweise. Im Moment läuft alles wie gewohnt. Denke somit bin ich "clean". Nur Schritt 6 - Starte die adwcleaner.exe zum Deinstallieren konnte ich nicht machen, da ich dieses Programm ja gar nicht installiert hatte. Vielen Dank Dir und ich schaue hier sicher mal wieder vorbei, um den ein oder anderen Ratschlag zu finden.
__________________ Danke + Grüsse - Sofima |
|
| Themen zu System Progressive Protection - Entfernung |
| arbeiten, avg secure search, beitrag, entfernung, forum, gestoppt, infiziert, install.exe, interne, internet, laufen, leben, lieber, log, mailprogramm, malwarebytes, morgen, nutzen, nvidia update, office 2007, origin, programm, protection, rechner, recycle.bin, scan, secure search, sorge, system, trojan.fakealert.ssgen, vista, windows, windows vista |
Textbox.
