| |
| |||||||
Log-Analyse und Auswertung: Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
23.11.2012, 02:50
| #1 |
 |  Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden Hallo, ich habe unabsichtlich die Toolbar Mystart Incredibar installiert. Ich habe die Toolbar über die Systemsteuerung aus den Programmen gelöscht. Anschließend habe ich in diesem Forum http://www.trojaner-board.de/122337-...entfernen.html gefunden. Leider habe ich (bevor ich die Anleitung zur Erstellung eines neuen Posts gelesen habe) die Anleitungen aus dem Thread befolgt und habe einen Scan mit Emisoft gemacht (aber den gefunden Java/Exploit.CVE-2012-4681 nicht in Quarantäne getan). Anschließend habe ich des ESET-Scan laufen lassen. Bei ca. 23% wurde Java/Exploit.CVE-2012-4681 gefunden. Dann habe ich den Scan noch eine Stunde weiterlaufen lassen aber dann bei ca. 34% abgebrochen, den Exploit gelöscht und ESET geschlossen. Jetzt beginne ich nochmal von vorne in der richtigen Reihenfolge und poste in den nächsten 4 Posts die geforderten Log-files.die geforderten Log-files. Bitte entschuldigt die schlechte Vorgehensweise. Über Eure Hilfe würde ich mich sehr freuen und bin im Voraus dankbar. Viele Grüße, volkyleo defogger Log-file defogger_disable by jpshortstuff (23.02.10.1) Log created at 02:18 on 23/11/2012 (Sch_Business) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 23.11.2012 02:19:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sch_Business\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 57,82% Memory free
7,60 Gb Paging File | 5,64 Gb Available in Paging File | 74,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 193,08 Gb Total Space | 114,80 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
Drive D: | 94,07 Gb Total Space | 39,07 Gb Free Space | 41,53% Space Free | Partition Type: NTFS
Drive E: | 9,77 Gb Total Space | 1,25 Gb Free Space | 12,83% Space Free | Partition Type: NTFS
Computer Name: BUSINESS | User Name: Sch_Business | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.23 02:18:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sch_Business\Desktop\OTL(1).exe
PRC - [2012.10.08 10:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.07 19:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.05.11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011.05.23 11:10:00 | 001,688,384 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe
PRC - [2011.01.28 06:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe
PRC - [2010.05.03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.05.03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.27 21:51:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
========== Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SN_Service.exe -- (SN_Service)
SRV:64bit: - [2011.12.28 05:40:02 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.06.01 01:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2012.11.21 23:37:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 22:47:11 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.08 10:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.06.13 18:36:48 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.05.23 11:10:00 | 001,688,384 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo)
SRV - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010.10.19 13:51:44 | 001,430,288 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.10.19 13:29:38 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.05.03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.05.03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.29 10:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.10.08 10:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.09.07 19:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.07 19:26:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.07 19:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.05 20:43:24 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012.05.30 12:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.28 05:40:02 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.12.28 05:40:02 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.12.27 02:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.07.20 08:58:24 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011.05.23 14:33:32 | 000,167,040 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011.05.23 10:12:40 | 000,444,416 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k)
DRV:64bit: - [2011.05.23 10:12:40 | 000,231,040 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k)
DRV:64bit: - [2011.05.23 10:12:40 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k)
DRV:64bit: - [2011.05.21 09:21:56 | 012,229,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.18 01:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.10.14 23:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.10.14 18:26:48 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.08.25 09:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.04.08 22:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.02.26 22:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.15 12:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.15 12:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 12:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.10.26 13:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.30 12:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.06.30 12:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009.06.30 11:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 10:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.04.07 13:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.06.01 01:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2006.06.18 21:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011.05.30 17:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 8C 82 18 68 96 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{7276BA69-2846-47FD-9D87-868F31652726}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.10.04 21:48:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.21 23:37:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.21 23:37:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.21 23:37:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.21 23:37:41 | 000,000,000 | ---D | M]
[2012.09.20 07:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sch_Business\AppData\Roaming\mozilla\Extensions
[2012.11.22 21:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sch_Business\AppData\Roaming\mozilla\Firefox\Profiles\17qzcvkl.default\extensions
[2012.11.22 21:08:14 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\Sch_Business\AppData\Roaming\mozilla\firefox\profiles\17qzcvkl.default\extensions\freehdsport@freehdsport.tv.xpi
[2012.11.21 23:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.21 23:37:44 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SyncService] C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\SyncService.exe (SYNCING.NET Technologies GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E33CC5B7-27DB-40E7-BD9D-AA7EC1E179B9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {7B0E5486-E11D-437f-AC8B-7901C7D3FCCB} - C:\Program Files\SYNCING.NET Technologies\SYNCING.NET\bin\ShellUI.dll File not found
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.23 02:18:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sch_Business\Desktop\OTL(1).exe
[2012.11.22 23:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.22 21:08:47 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012.11.22 21:08:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC
[2012.11.22 21:08:13 | 000,000,000 | ---D | C] -- C:\Users\Sch_Business\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATDheNetTVApp.com
[2012.11.22 21:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATDheNetTVApp.com
[2012.11.21 23:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.21 17:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.21 17:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.14 10:48:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.11.12 13:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec
[2012.11.12 13:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPBA
[2012.11.07 19:03:48 | 000,000,000 | ---D | C] -- C:\Users\Sch_Business\AppData\Local\FullTiltPoker
[2012.11.07 19:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2012.11.07 19:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker
[2012.10.24 13:23:17 | 000,000,000 | ---D | C] -- C:\Users\Sch_Business\Documents\GoodgammonSaved Files
========== Files - Modified Within 30 Days ==========
[2012.11.23 02:18:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sch_Business\Desktop\OTL(1).exe
[2012.11.23 02:18:12 | 000,000,000 | ---- | M] () -- C:\Users\Sch_Business\defogger_reenable
[2012.11.23 02:17:13 | 000,050,477 | ---- | M] () -- C:\Users\Sch_Business\Desktop\Defogger.exe
[2012.11.23 02:07:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.23 01:16:49 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.22 23:30:36 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.22 23:30:36 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.22 23:30:36 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.22 23:30:36 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.22 23:30:36 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.22 21:52:03 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 21:52:03 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 21:44:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 21:44:25 | 3060,535,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.17 18:32:13 | 001,376,472 | ---- | M] () -- C:\Users\Sch_Business\Desktop\volky.jpg
[2012.11.17 18:31:30 | 001,725,085 | ---- | M] () -- C:\Users\Sch_Business\Desktop\barb.jpg
[2012.11.16 10:19:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.14 11:36:44 | 000,346,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.11.23 02:18:12 | 000,000,000 | ---- | C] () -- C:\Users\Sch_Business\defogger_reenable
[2012.11.23 02:17:12 | 000,050,477 | ---- | C] () -- C:\Users\Sch_Business\Desktop\Defogger.exe
[2012.11.23 01:16:49 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.22 21:08:47 | 001,261,936 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2012.11.17 18:30:25 | 001,376,472 | ---- | C] () -- C:\Users\Sch_Business\Desktop\volky.jpg
[2012.11.17 18:30:24 | 001,725,085 | ---- | C] () -- C:\Users\Sch_Business\Desktop\barb.jpg
[2012.11.16 10:19:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.14 10:56:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 10:49:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.09 13:56:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.10.22 20:15:11 | 000,014,368 | ---- | C] () -- C:\Windows\skype.dat
[2012.10.22 20:15:03 | 000,032,854 | ---- | C] () -- C:\Windows\iniLS.dat
[2012.09.20 12:25:27 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.19 14:28:54 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.09.19 14:28:54 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.09.19 13:37:47 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.09.19 13:37:46 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.09.19 13:37:44 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012.09.19 13:37:43 | 013,787,648 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.11.14 21:35:33 | 000,000,000 | ---D | M] -- C:\Users\Sch_Business\AppData\Roaming\BitTorrent
[2012.10.23 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Sch_Business\AppData\Roaming\FreePDF
[2012.09.20 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\Sch_Business\AppData\Roaming\HEM Data
[2012.09.20 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Sch_Business\AppData\Roaming\HoldemManager
[2012.09.20 12:02:32 | 000,000,000 | ---D | M] -- C:\Users\Sch_Business\AppData\Roaming\Party
[2012.10.25 16:48:18 | 000,000,000 | ---D | M] -- C:\Users\Sch_Business\AppData\Roaming\SuperMailer
[2012.09.21 09:34:48 | 000,000,000 | ---D | M] -- C:\Users\Sch_Business\AppData\Roaming\SYNCING.NET
========== Purity Check ==========
< End of report >
Extras.txtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.11.2012 02:19:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sch_Business\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 57,82% Memory free
7,60 Gb Paging File | 5,64 Gb Available in Paging File | 74,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 193,08 Gb Total Space | 114,80 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
Drive D: | 94,07 Gb Total Space | 39,07 Gb Free Space | 41,53% Space Free | Partition Type: NTFS
Drive E: | 9,77 Gb Total Space | 1,25 Gb Free Space | 12,83% Space Free | Partition Type: NTFS
Computer Name: BUSINESS | User Name: Sch_Business | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{152ACDAE-A385-46B3-AE5E-F8692D55165D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D674F8B-351C-491A-AA97-0F736D371B64}" = rport=139 | protocol=6 | dir=out | app=system |
"{2119AB7C-07C0-4AF2-8A2D-60F51686290B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D527CDA-1AEB-4FE8-85A7-5F447D9735BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{32FA6269-6ECA-4C9C-A863-D8F00FDFF82F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F6756D7-C063-45CB-92A9-DCA3986FFF8A}" = rport=137 | protocol=17 | dir=out | app=system |
"{47019AB1-4A6E-42C3-B488-964245DD05CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56466B78-D239-4D83-A1DC-52FDCAED098C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{634B32EE-357F-483C-A4B6-FE8B37F75C15}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68148F88-E4AB-472C-818B-B887191B08BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7505EFB4-54DE-469E-87C0-A8DAA384F7F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8349149D-6A6F-45B4-BE52-0CB8D744C069}" = lport=10243 | protocol=6 | dir=in | app=system |
"{899ABFCB-536A-4647-9372-D72386A94CCB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F0BD338-EF2E-4B58-891F-1E12EBC39DE8}" = lport=138 | protocol=17 | dir=in | app=system |
"{A1C4FB1B-F1DA-4ABE-A9B1-D7EC5D77307D}" = rport=138 | protocol=17 | dir=out | app=system |
"{A808161C-2529-42A3-BCDA-05C7245F68EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B238C0FC-159B-436D-9F13-EA9692BBE013}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B4AA389C-7175-462D-8A66-008CCC54B4E8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B77A9C10-0085-4305-8303-EC5898A78F6D}" = lport=445 | protocol=6 | dir=in | app=system |
"{BCE572C2-EB44-4B56-B06D-EAF9C05F329D}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{C2E768F9-2D3E-4F05-8CA7-2B81A2651866}" = lport=139 | protocol=6 | dir=in | app=system |
"{DAB521C0-05BD-42E5-8914-72E6D4630ACF}" = lport=137 | protocol=17 | dir=in | app=system |
"{E1117FAB-BC82-49AB-B2BC-6F1A13FA1FE5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F36642AA-8C34-446C-AC93-3D6B0B48C2E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF1383A3-AC4E-4BA4-B6AE-CD5C635B16E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13CBE6A3-F350-4815-9806-F99C53F82360}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{14FF93FE-9A95-4FDB-B9FF-EDBC28317F94}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{16405333-1093-42DE-8188-4A04D514A9F8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1772243E-29D1-4DDE-B246-DA8B064B4213}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{22DB27B8-6D99-4B51-8E5B-6D982CAC7D04}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2577F5C0-7868-4370-953C-71E63A882CB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{257A5E54-2C86-4093-ABE1-62A995C69BE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36F121A4-4393-4047-983B-BE8FC37513F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A279AA2-EF0A-4773-A0D0-1698043DEC5D}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3CD6AE0F-930D-4CD4-BF69-D677DD351D03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D16AE2F-8FA7-4E40-8AD9-250D4CC871DF}" = protocol=17 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe |
"{4336EC2E-40E2-49DF-B4DA-B429936DE9A6}" = protocol=17 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\notificationservice.exe |
"{508E8451-E512-49A2-926C-21CD10E9F482}" = protocol=6 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe |
"{583B2B79-8367-4CE4-A8BF-F42A4C6247BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{594AEB1A-B683-440A-B7CF-FDB6EF4D7BE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E3A5323-28C7-4610-831B-F8EA3B559D37}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{609C0D15-D052-48F2-8DB5-153A383CED38}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{62ED912C-0A40-4AAB-8A43-E22235E798D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7A132542-5DA9-43D8-B757-96CCF013A39E}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{8A3B6AB3-10E2-435F-B16A-954C8948A1D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F5E8609-C99E-4FA7-9BE8-C573CC3D86ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99DF6A82-E8B6-4AF1-93B2-BA2926690218}" = protocol=6 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\notificationservice.exe |
"{9D5D51DB-C54D-4058-A7AC-C94A72BCF51C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2068E8A-9147-46B9-A7C2-A58CCB2D9B5F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{A3A446A6-2AE6-4AD2-B076-9F2AA8D14537}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{A7BFC7BC-1C32-4ACC-9746-7CAAEEDB9729}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{AF30EE9E-051C-4684-8924-EF32EE0F19AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B05FD4C7-9A77-483C-8485-BB3D8066A51B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B66FF203-C55E-467C-B05F-9A0A49D9B6B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C05F4510-73F1-4A89-A26D-222D33C9CFBE}" = protocol=6 | dir=out | app=system |
"{C1704290-DF7A-468C-BC1B-F7325C7A7D30}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{C24D8B45-BB77-41D1-8DD4-A3026B99A316}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C89998D4-4014-44E3-984E-BCAAF5F02522}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C9DCC7B3-C4F7-41B4-99C9-52499A7BCD73}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{CF5E687D-9B9D-4EE4-8825-E1A380D087DD}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D24FE576-92AC-4AD2-9855-119C92517180}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D321FD7D-FE69-45A8-A105-F0407BC03241}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D60B06E0-C12E-45E2-A499-B19BB95A33F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6E16CFA-F4A5-4FFA-9403-CD38D85C2485}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{EEE34602-5B6E-4215-A815-FD50B45F9ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{345D62CF-A705-4FFD-AA03-21359233B6A3}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{3D44A028-D8B8-4B66-89A9-8DB4C275D06F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{3DF96C3C-9DF9-4AC3-A368-62A6572138CB}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{697B1C71-E8C3-4095-BBAD-48D3FD900E69}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{7EE8C7D7-CDDF-4287-9E11-5F08B907FE1A}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{11EF62AD-7EAA-4A38-ACE5-2FB102D1BD93}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{45E7239A-A2E6-49F5-8C31-38432DD70F92}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{7E94D50C-62D4-48E9-902F-16F9ECD91EF9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{942A3794-7811-46FE-8AA7-1D5C4A148B0A}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{EC9432F5-7589-441D-B732-DC0C2DEA6920}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{38294D95-DB90-4D8C-824C-26856E5001A6}" = ThinkVantage Fingerprint Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Newsletter Software SuperMailer (x64)_is1" = SuperMailer 6.10
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"VLC media player" = VLC media player 2.0.2
"WNLT" = IB Updater Service
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2F5AF5E1-E021-4832-A423-EF480EC58A0B}_is1" = eXtreme Gammon 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666C9123-1AEC-446F-8AA8-28256B1953D4}" = Qualcomm Gobi 2000 Package for Lenovo
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.48
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"1ClickDownload" = ATDheNetTVApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BGroom" = BGroom
"BitTorrent" = BitTorrent
"ESET Online Scanner" = ESET Online Scanner v3
"Goodgammon" = Goodgammon
"HoldemManager2" = Holdem Manager 2
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PartyGammon" = PartyGammon
"PartyPoker" = PartyPoker
"PokerStars.eu" = PokerStars.eu
"PostgreSQL 8.4" = PostgreSQL 8.4
"SopCast" = SopCast 3.5.0
"SYNCING.NET" = SYNCING.NET 3.2
"Winamp" = Winamp
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.11.2012 06:25:00 | Computer Name = Business | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 08:49:45 | Computer Name = Business | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 08:49:46 | Computer Name = Business | Source = PostgreSQL | ID = 0
Description = 2012-11-22 13:49:46 CETFATAL: the database system is starting up
Error - 22.11.2012 16:34:18 | Computer Name = Business | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 16:34:23 | Computer Name = Business | Source = PostgreSQL | ID = 0
Description = 2012-11-22 21:34:23 CETFATAL: the database system is starting up
Error - 22.11.2012 16:43:11 | Computer Name = Business | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sch_Business\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 22.11.2012 16:44:45 | Computer Name = Business | Source = WinMgmt | ID = 10
Description =
Error - 22.11.2012 16:44:49 | Computer Name = Business | Source = PostgreSQL | ID = 0
Description = 2012-11-22 21:44:49 CETFATAL: the database system is starting up
Error - 22.11.2012 18:28:04 | Computer Name = Business | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sch_Business\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 22.11.2012 18:28:04 | Computer Name = Business | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sch_Business\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 22.11.2012 18:28:09 | Computer Name = Business | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sch_Business\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ System Events ]
Error - 21.11.2012 14:30:08 | Computer Name = Business | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error - 21.11.2012 14:31:39 | Computer Name = Business | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "Windows7_OS" den Befehl "chkdsk" aus.
Error - 22.11.2012 06:24:43 | Computer Name = Business | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYNCING.NET Service Component" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 22.11.2012 08:49:43 | Computer Name = Business | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYNCING.NET Service Component" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 22.11.2012 16:34:11 | Computer Name = Business | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYNCING.NET Service Component" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 22.11.2012 16:44:43 | Computer Name = Business | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYNCING.NET Service Component" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 22.11.2012 18:27:01 | Computer Name = Business | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 22.11.2012 18:27:01 | Computer Name = Business | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 22.11.2012 18:27:02 | Computer Name = Business | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 22.11.2012 18:27:02 | Computer Name = Business | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >
Emisoft-Scan Emsisoft Anti-Malware - Version 7.0 Letztes Update: 22.11.2012 21:48:30 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 22.11.2012 21:49:50 C:\Users\Sch_Business\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk gefunden: Trace.File.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> 1 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> 1 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> 1 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> 10 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> 10 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> 10 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> 2 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> 2 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> 2 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> 4 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> 4 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> 4 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> 5 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> 5 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> 5 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> 6 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> 6 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> 6 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> 7 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> 7 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> 7 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> 9 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> 9 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> 9 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> AdsLastKnownState gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> AdsLastKnownState gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> AdsLastKnownState gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> AppPath gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> AppPath gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> AppPath gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> EnableSounds gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> EnableSounds gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> EnableSounds gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> FourColourDeck gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> FourColourDeck gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> FourColourDeck gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> id gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> id gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> id gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> InitialPort gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> InitialPort gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> InitialPort gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> InstallState gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> InstallState gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> InstallState gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> SL gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> SL gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> SL gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> TableType gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> TableType gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> TableType gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming\partypoker -> useCount gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1001\software\partygaming\partypoker -> useCount gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1005\software\partygaming\partypoker -> useCount gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming -> CFDialogShown gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3653433478-2661001282-2365327416-1000\software\partygaming -> FreshInstall gefunden: Trace.Registry.PartyPoker (A) C:\Users\Sch_Business\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1ceebea9-6e6541cb gefunden: Exploit.Java.CVE (A) Gescannt 466567 Gefunden 58 Scan Ende: 22.11.2012 23:14:09 Scan Zeit: 1:24:19 |
|
26.11.2012, 04:35
| #2 |
| /// Helfer-Team  | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden 1. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Bitte einen QuickScan mit Malwarebytes Anti-Malware machen und Log posten.
__________________ |
|
26.11.2012, 14:09
| #3 |
| | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden # AdwCleaner v2.009 - Datei am 26/11/2012 um 13:56:25 erstellt
__________________# Aktualisiert am 24/11/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Sch_Business - BUSINESS # Bootmodus : Normal # Ausgeführt unter : C:\Users\Sch_Business\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v17.0 (de) Profilname : default Datei : C:\Users\Sch_Business\AppData\Roaming\Mozilla\Firefox\Profiles\17qzcvkl.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [13631 octets] - [22/11/2012 21:41:54] AdwCleaner[S1].txt - [13591 octets] - [22/11/2012 21:43:29] AdwCleaner[S2].txt - [889 octets] - [26/11/2012 13:56:25] ########## EOF - C:\AdwCleaner[S2].txt - [948 octets] ########## Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.26.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sch_Business :: BUSINESS [Administrator] Schutz: Aktiviert 26.11.2012 14:04:38 mbam-log-2012-11-26 (14-04-38).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 243650 Laufzeit: 3 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
27.11.2012, 12:46
| #4 |
| /// Helfer-Team | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden Ist sie noch da? |
|
27.11.2012, 16:02
| #5 |
| | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden hmmm, die Frage versteh ich jetzt nicht ganz? Was soll noch da sein? Wie ich die Logs lese, gibt es keine Infektion. Ich habe aber nur gemacht, was Du mir gesagt hast. Ist mein Rechner jetzt sauber? Wenn ja, vielen Dank für die Hilfe. |
|
28.11.2012, 21:36
| #6 |
| /// Helfer-Team | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden Die incrdibar. Alle Logs schauen sauber aus. ESET Online Scanner
__________________ --> Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden |
|
29.11.2012, 15:48
| #7 |
| | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden Ach so, das hatte ich nicht geschnallt. Nee, die ist nimmer da, aber sie war auch schon vorher nicht mehr da, da ich sie uninstalled hatte. Leider war ja dann dieser Java-Exploit da. Anbei die Logfile von ESET (scheint ja sauber zu sein): ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=a551dfaeea012c4d888660f0c35f61f5 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-29 01:34:42 # local_time=2012-11-29 02:34:42 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 6127016 6127016 0 0 # compatibility_mode=5893 16776573 100 94 190350 105818937 0 0 # compatibility_mode=8192 67108863 100 0 3753 3753 0 0 # scanned=151641 # found=0 # cleaned=0 # scan_time=7015 |
|
02.12.2012, 16:19
| #8 |
| /// Helfer-Team | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
02.12.2012, 17:08
| #9 |
| | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 17.0 ist aktuell Flash (11,5,502,110) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 11,0,0,379 ist aktuell. PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 17.0 ist aktuell Flash (11,5,502,110) ist aktuell. Java ist Installiert aber nicht aktiviert. Adobe Reader 11,0,0,379 ist aktuell. |
|
02.12.2012, 17:49
| #10 |
| /// Helfer-Team | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden Sehr gut!  damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
02.12.2012, 18:48
| #11 |
| | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden Vielen Dank für die Anleitungen und Hilfe. Einfach super! Habe alle Schritte durchgeführt und nur noch folgendes ist beim cleanen mit CCleaner übrig geblieben (auch nach mehrmaligem cleanen). {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} Gruß volkyleo |
|
04.12.2012, 20:29
| #12 |
| /// Helfer-Team | Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden Ist OK, gehoert zu Avira |
|
| Themen zu Mystart Incredibar unabsichtlich installiert und Exploit.Java.CVE mit Emisoft gefunden |
| 1clickdownload, abgebrochen, anleitung, erstellung, exploit.java.cve, folge, forum, gen, ib updater, install.exe, installiert, laufen, leitung, lenovo, neue, neuen, nvidia update, nvpciflt.sys, plug-in, poste, posts, programme, programmen, quarantäne, richtlinie, safer networking, scan, schlechte, schließe, systems, systemsteuerung, thread, toolbar, traces, würde |
