| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: .exe Datei wurde einfach gedownloadetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.12.2012, 19:54
| #1 |
 |  .exe Datei wurde einfach gedownloadet Hallo, ich bin neulich auf eine Seite gekommen, indem ohne meiner Erlaubnis ein .exe Datei versucht wurde zu speichern (DivXInstaller9_update.exe). Ich habe den Download noch abrechen können, möchte meinen PC aber trotzdem gerne überprüfen lassen von euch da ich Online-Banking betreibe. Danke im Voraus Mb Scan: Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.20.09 Windows 7 x64 NTFS Internet Explorer 9.10.9200.16453 Duc :: PC [Administrator] Schutz: Aktiviert 20.12.2012 19:23:45 mbam-log-2012-12-20 (19-23-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 377286 Laufzeit: 29 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
20.12.2012, 20:07
| #2 |
| /// Selecta Jahrusso   | .exe Datei wurde einfach gedownloadet Bitte folge den Anweisungen hier und poste die geforderten Logfiles. http://www.trojaner-board.de/69886-a...-beachten.html
__________________ |
|
20.12.2012, 20:25
| #3 |
| | .exe Datei wurde einfach gedownloadet Tschuldigung. Hier die restlichen Scans.
__________________OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.12.2012 20:09:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Duc\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16453) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 31,21% Memory free 7,86 Gb Paging File | 4,01 Gb Available in Paging File | 51,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1287,16 Gb Total Space | 1220,84 Gb Free Space | 94,85% Space Free | Partition Type: NTFS Drive E: | 110,00 Gb Total Space | 109,89 Gb Free Space | 99,89% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Duc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.20 20:09:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Duc\Downloads\OTL.exe PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2011.08.04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE PRC - [2011.01.15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.07.26 05:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 04:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.07.26 04:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 04:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 04:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2012.12.12 18:14:59 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.10.01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.05 19:11:36 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012.11.06 08:36:14 | 000,096,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.11.06 08:35:34 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.11.02 00:07:02 | 000,208,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa) DRV:64bit: - [2012.10.26 16:42:22 | 004,758,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.10.26 16:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012.10.26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.09.19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 06:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.07.26 06:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid) DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr) DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.06.02 15:32:01 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTL85n64.sys -- (RTL85n64) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV - [2010.02.17 14:21:12 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 FC EE 5A 13 D3 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) [2012.10.01 20:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - Extension: YouTube = C:\Users\Duc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Duc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\Duc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.51_0\ O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [StartMenuX] C:\Programme\Start Menu X\StartMenuX.exe (OrdinarySoft) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1964F827-014A-4F33-AC7F-131AD06EC4C1}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.20 19:22:53 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\vlc [2012.12.20 19:20:47 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Malwarebytes [2012.12.20 19:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.20 19:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.20 19:19:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.20 19:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.20 19:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.12.20 19:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012.12.16 18:50:12 | 000,000,000 | ---D | C] -- C:\Users\Duc\Documents\Benutzerdefinierte Office-Vorlagen [2012.12.16 13:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2012.12.16 00:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Online-Banking 2012 [2012.12.16 00:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steganos Online-Banking 2012 [2012.12.16 00:13:33 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Steganos [2012.12.14 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\WinRAR [2012.12.14 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.14 15:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.14 15:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.12.13 16:13:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.11 18:14:32 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012.12.11 18:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.12.11 18:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.12.11 18:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012.12.09 20:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.12.08 10:07:38 | 000,000,000 | ---D | C] -- C:\Windows\ehome [2012.12.06 20:52:17 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice [2012.12.06 15:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2012.12.06 15:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.12.06 15:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2012.12.06 15:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012.12.06 15:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.06 15:55:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.12.06 15:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2012.12.06 15:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2012.12.06 15:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.12.06 15:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.12.06 15:54:42 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Local\Microsoft Help [2012.12.06 15:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.12.06 15:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.12.06 15:54:34 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.12.06 15:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2012.12.06 15:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2012.12.06 15:40:53 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Download Manager [2012.12.06 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Skype [2012.12.06 15:31:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.06 15:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.06 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.12.06 15:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.12.06 15:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.06 15:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.06 15:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.05 19:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2012.12.05 19:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2012.12.05 19:52:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX [2012.12.05 19:52:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter [2012.12.05 19:52:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2 [2012.12.05 19:52:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP [2012.12.05 19:52:21 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Canon [2012.12.05 19:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2012.12.05 19:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool [2012.12.05 19:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Benutzerregistrierung [2012.12.05 19:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2012.12.05 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2012.12.05 19:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2012.12.05 19:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2012.12.05 19:48:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012.12.05 19:47:59 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2012.12.05 19:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series [2012.12.05 19:47:31 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2012.12.05 19:47:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING [2012.12.05 19:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2012.12.05 19:36:20 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\AVG2013 [2012.12.05 19:35:49 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\TuneUp Software [2012.12.05 19:35:36 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.12.05 19:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.12.05 19:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012.12.05 19:32:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.05 19:32:13 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Local\MFAData [2012.12.05 19:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.12.05 19:32:13 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Local\Avg2013 [2012.12.05 19:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.12.05 19:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.12.05 19:29:57 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Local\Google [2012.12.05 19:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu X [2012.12.05 19:23:29 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\StartMenuX [2012.12.05 19:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\StartMenuX [2012.12.05 19:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Start Menu X [2012.12.05 19:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.12.05 19:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics [2012.12.05 19:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics [2012.12.05 19:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2012.12.05 19:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.12.05 19:15:40 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.05 19:15:40 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.12.05 19:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.12.05 19:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.12.05 19:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.12.05 19:14:48 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.12.05 19:12:03 | 000,683,664 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt630x64.sys [2012.12.05 19:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.12.05 19:11:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.12.05 19:10:39 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll [2012.12.05 19:09:48 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2012.12.05 19:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2012.12.05 19:09:29 | 000,000,000 | ---D | C] -- C:\Intel [2012.12.05 19:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd [2012.12.05 19:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd [2012.12.05 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Macromedia [2012.12.05 19:06:43 | 000,000,000 | R--D | C] -- C:\Users\Duc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.12.05 19:06:43 | 000,000,000 | R--D | C] -- C:\Users\Duc\Searches [2012.12.05 19:06:43 | 000,000,000 | R--D | C] -- C:\Users\Duc\Contacts [2012.12.05 19:06:43 | 000,000,000 | R--D | C] -- C:\Users\Duc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.12.05 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Adobe [2012.12.05 19:06:18 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Local\VirtualStore [2012.12.05 19:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache [2012.12.05 19:06:07 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Local\Packages [2012.12.05 19:06:03 | 000,000,000 | --SD | C] -- C:\Users\Duc\AppData\Roaming\Microsoft [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\Videos [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\Saved Games [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\Pictures [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\Music [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\Links [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\Favorites [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\Downloads [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\Documents [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\Desktop [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.12.05 19:06:03 | 000,000,000 | R--D | C] -- C:\Users\Duc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Vorlagen [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\AppData\Local\Verlauf [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\AppData\Local\Temporary Internet Files [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Startmenü [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\SendTo [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Recent [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Netzwerkumgebung [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Lokale Einstellungen [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Documents\Eigene Videos [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Documents\Eigene Musik [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Eigene Dateien [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Documents\Eigene Bilder [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Druckumgebung [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Cookies [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\AppData\Local\Anwendungsdaten [2012.12.05 19:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Duc\Anwendungsdaten [2012.12.05 19:06:03 | 000,000,000 | -H-D | C] -- C:\Users\Duc\AppData [2012.12.05 19:06:03 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Local\Temp [2012.12.05 19:06:03 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Local\Microsoft [2012.12.05 19:06:03 | 000,000,000 | ---D | C] -- C:\Users\Duc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.12.05 19:06:03 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2012.12.05 19:05:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.12.05 19:04:49 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\Programme [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.12.05 19:04:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.12.05 19:00:03 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.12.05 18:59:22 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.12.05 18:58:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2012.12.20 20:08:54 | 000,000,000 | ---- | M] () -- C:\Users\Duc\defogger_reenable [2012.12.20 19:35:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.20 19:35:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.20 19:23:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.20 19:12:53 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.12.20 17:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.18 16:49:45 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2012.12.18 16:49:44 | 3421,143,040 | -HS- | M] () -- C:\hiberfil.sys [2012.12.17 14:29:06 | 000,430,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 18:33:48 | 001,654,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.16 18:33:48 | 000,714,240 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.16 18:33:48 | 000,674,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.16 18:33:48 | 000,147,840 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.16 18:33:48 | 000,124,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.16 10:47:35 | 000,010,240 | ---- | M] () -- C:\Users\Duc\Documents\Meine Konten.stb [2012.12.16 00:13:45 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Steganos Online-Banking.lnk [2012.12.14 14:30:49 | 000,000,222 | ---- | M] () -- C:\Users\Duc\Desktop\Call of Duty Black Ops II - Zombies.url [2012.12.13 15:46:31 | 000,000,222 | ---- | M] () -- C:\Users\Duc\Desktop\Call of Duty Black Ops II.url [2012.12.12 20:28:30 | 000,000,222 | ---- | M] () -- C:\Users\Duc\Desktop\Call of Duty Black Ops II - Multiplayer.url [2012.12.11 18:14:32 | 000,000,221 | ---- | M] () -- C:\Users\Duc\Desktop\Metro 2033.url [2012.12.11 18:06:15 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012.12.09 20:04:10 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.12.06 18:59:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2012.12.06 15:54:00 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2012.12.06 15:31:29 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.12.05 19:54:52 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2012.12.05 19:49:49 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk [2012.12.05 19:30:53 | 000,002,285 | ---- | M] () -- C:\Users\Duc\Desktop\Google Chrome.lnk [2012.12.05 19:11:44 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2012.12.05 19:11:36 | 000,683,664 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt630x64.sys [2012.12.05 19:10:39 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll [2012.12.05 19:09:19 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2012.12.05 19:00:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf ========== Files Created - No Company Name ========== [2012.12.20 20:08:54 | 000,000,000 | ---- | C] () -- C:\Users\Duc\defogger_reenable [2012.12.20 19:19:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.20 19:12:53 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.12.17 14:28:55 | 000,430,352 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 10:46:22 | 000,010,240 | ---- | C] () -- C:\Users\Duc\Documents\Meine Konten.stb [2012.12.16 00:13:45 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Steganos Online-Banking.lnk [2012.12.14 14:30:49 | 000,000,222 | ---- | C] () -- C:\Users\Duc\Desktop\Call of Duty Black Ops II - Zombies.url [2012.12.13 16:22:43 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2012.12.13 15:46:31 | 000,000,222 | ---- | C] () -- C:\Users\Duc\Desktop\Call of Duty Black Ops II.url [2012.12.12 20:28:30 | 000,000,222 | ---- | C] () -- C:\Users\Duc\Desktop\Call of Duty Black Ops II - Multiplayer.url [2012.12.11 18:14:32 | 000,000,221 | ---- | C] () -- C:\Users\Duc\Desktop\Metro 2033.url [2012.12.11 18:06:15 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012.12.08 10:05:42 | 000,031,841 | ---- | C] () -- C:\Windows\ProfessionalWMC.xml [2012.12.06 18:59:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2012.12.06 15:54:00 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2012.12.06 15:31:29 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.12.05 19:54:52 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2012.12.05 19:50:57 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\CNC1754D.TBL [2012.12.05 19:49:49 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk [2012.12.05 19:35:49 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.12.05 19:30:53 | 000,002,285 | ---- | C] () -- C:\Users\Duc\Desktop\Google Chrome.lnk [2012.12.05 19:30:01 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.05 19:30:00 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.05 19:15:58 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.12.05 19:15:14 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.05 19:09:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.12.05 19:06:39 | 000,001,442 | ---- | C] () -- C:\Users\Duc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.12.05 19:04:07 | 3421,143,040 | -HS- | C] () -- C:\hiberfil.sys [2012.12.05 19:00:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2012.12.05 18:59:24 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys [2012.10.26 16:42:24 | 000,336,232 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.10.26 16:42:22 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.10.26 16:42:22 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.26 01:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.05 19:36:20 | 000,000,000 | ---D | M] -- C:\Users\Duc\AppData\Roaming\AVG2013 [2012.12.05 19:52:21 | 000,000,000 | ---D | M] -- C:\Users\Duc\AppData\Roaming\Canon [2012.12.05 19:23:49 | 000,000,000 | ---D | M] -- C:\Users\Duc\AppData\Roaming\StartMenuX [2012.12.16 10:44:13 | 000,000,000 | ---D | M] -- C:\Users\Duc\AppData\Roaming\Steganos [2012.12.05 19:35:49 | 000,000,000 | ---D | M] -- C:\Users\Duc\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > extras.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.12.2012 20:09:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Duc\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 31,21% Memory free
7,86 Gb Paging File | 4,01 Gb Available in Paging File | 51,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1287,16 Gb Total Space | 1220,84 Gb Free Space | 94,85% Space Free | Partition Type: NTFS
Drive E: | 110,00 Gb Total Space | 109,89 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Duc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08145BD4-D35D-4151-94C8-3E77F029B95E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B2FEBAE-7D7E-4324-B434-61B8F9AB08C3}" = lport=137 | protocol=17 | dir=in | app=system |
"{0F99D229-A0A4-471C-93D8-7560400D61C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1D254C53-85F4-4F64-AEA3-75E1ECFA4A22}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{33513E08-D375-49FD-A994-E8C75C0A20C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{345EB036-E8FA-4C7C-B79D-E85FC6574213}" = lport=10243 | protocol=6 | dir=in | app=system |
"{39472887-E9F3-46A0-A59F-F3114C64E9A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{4523202F-2EA8-4A9E-9F97-E793495BAEB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5078CE74-2E7C-4A6B-A63C-5F2F03C7784D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5AAA3C4E-9903-4D55-927E-8B61EDBFAC82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6286FE39-BEB6-47CB-ABF6-D8E7832A57FC}" = rport=445 | protocol=6 | dir=out | app=system |
"{72DE7083-92E8-444A-8210-BEB1187226D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76B18895-DDEF-4273-89E6-00E62204608B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{7E372F8F-ACAF-4BD9-B70E-BB15B3B12241}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{816497AF-7F6B-4E1C-B2FF-4E429D421D6D}" = rport=138 | protocol=17 | dir=out | app=system |
"{92E467E6-7451-40F0-B988-A548EFE7EA8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9D573AD-F6C8-4A1D-8028-646195AEB0D6}" = lport=445 | protocol=6 | dir=in | app=system |
"{BD383AB5-C45E-4D67-BD1B-DB44A95A753E}" = lport=139 | protocol=6 | dir=in | app=system |
"{E14B9FD8-A73C-4E2D-8F21-A427ABD2D7F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB47A407-4178-4198-AB9F-53045A263D86}" = rport=137 | protocol=17 | dir=out | app=system |
"{EBBE22BC-6EED-4DD9-A684-E4F6E24F7728}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F14513C8-6A30-4E95-A9A4-F486381498E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02395640-A815-430C-A0AD-CBB8508AEFD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{03D6082E-1897-4928-93F7-7B9E1F71D794}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B9B44D1-D7D4-4073-B029-AA139CF094E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BFE36C9-BB6F-4ACB-82FC-6C557BCC995A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1864EA66-FDA3-45A2-A974-55B75D391A79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{1A4E18DA-A78C-44B7-BACD-4EB6D5DC0DDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1AD3E5FD-5C36-416B-BD31-A6AA4CD10A6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C1D0301-1C3A-47A8-B19E-CFD46458704B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{1E83A5C5-5B6E-4E27-A9A0-58CB0EA940FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1F689775-2347-46D7-BA40-64E8E2192033}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2669CEAF-8107-4045-9316-BFE5982C443C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{26E458C3-655C-4346-ABAC-AEA659A4A5AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{2AAF53B3-412E-419F-9BA6-EE945305FD75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{2CA6CE12-7D40-4E80-B72E-D10547ADD717}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{2EE05903-2854-4A24-9DA5-61D849B66E58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{320C7F06-399C-4D7F-867A-02B13EE7E1B6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{35AF2155-5781-4D3B-97D2-5A7575B6777E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C0E0CBD-6845-4E04-9A3A-5E92FD577D0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{3C64EB43-3C0A-48D1-8ADF-6A6EE9F458E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{4069F910-0E6E-4233-A426-9C0865B360B4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{41DCD50F-D2BA-4106-B85D-CF96B773D73F}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{45C0423F-81D6-4836-8F1E-F18C3F4FCBD8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{4654CE52-BB81-40D2-B806-F244B04B3E32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4F77BAC9-B8E7-4819-A3B4-E30DB9FADA72}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{5089CC32-9E49-4172-AAAD-EF8B4E915FD6}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{588F42BA-7ACE-437D-B605-31863CF2D2A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{5A820130-72A1-46E2-9218-6D781CD1097C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5D9DD05D-E9B8-4F63-ACE6-F1EAB3D1C6DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{610E3076-B98D-4922-AF40-C67B625A7D90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{6ACD750A-F649-47F2-A0A2-85668A784B81}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{6CE22305-7722-4FD7-8D60-233EA59B5A49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6CF2872F-44F6-4E76-93D7-9084B86FC0CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{6F62F31E-1687-47BB-A880-F9BCC6C3BEAF}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{74576298-0960-4172-B3EF-B5F4B965A154}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85920A7C-D2E0-4610-B7BF-AEECEDBF5EE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{868EC7DE-0911-4DCE-8EBF-513E0BC2C2FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{89B9F220-F8B6-432D-A9F3-3D2209F6F590}" = protocol=6 | dir=out | app=system |
"{8AA1B0D6-A0E9-4060-85F7-F0D8A5215FCD}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{8E79C5B2-3148-47AF-971C-975D967DD7D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A08AD869-A144-40E5-BF01-3522D3B6690B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{A0E59358-0646-4F8F-B941-7EEDA9743F51}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A2000C4C-D87F-4662-AD69-09EDE533AF29}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{A38EFA4D-96A3-43EA-B3B3-8BEEA7AD38C6}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{A6E120FE-3A71-4CD8-80C6-E6F51A8A7A21}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AAA84A57-C1E9-4F46-A046-FDEC5F462350}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{AB1DB64E-B8DA-4D2D-9DC8-AF4A9946F277}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{ACE9B2FC-6D45-432B-A029-D94F65EBE8DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACFE7B3B-BDE1-4C40-BF9C-F25E90844D7A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AF69A72F-3972-4671-B8DF-49450E21BEFF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{B8C8AEAC-ECA8-4626-9787-9A2196220D80}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{BBBFE515-19FE-40B0-88E8-919EBF82B26D}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{CC599B9F-5837-421B-89D6-5B3BCB9FB48F}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{CFFFEADD-CB35-401D-8FC8-71B76DA366AF}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{D0961F70-86C2-4267-87F1-F7D991D6A928}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D449CC86-658E-4044-9C51-A961C642CA03}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E0A5EE40-2DF8-407F-B860-DEDCE0D3823E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E0A77A4F-DAB0-4312-8C02-78B62FC2E11E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{E36E88B1-52E6-4D9D-9380-6EB976E07892}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA7A007E-BE47-4A8F-B765-B15CD30BAC25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EACD3606-E19F-4962-8CB5-72D60AD8A0B5}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{EAF5913D-8DCE-4C30-89F6-891B29DF6DE5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{F0BBB377-1419-4FA5-BA43-92FF33807EF2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X Version 4.47
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"AVG" = AVG 2013
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BF72DD91-089A-43A0-A18E-57BC67E2B8A5}" = Steganos Online-Banking 2012
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 43110" = Metro 2033
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.12.2012 10:10:08 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: t6mp.exe, Version: 1.0.0.1, Zeitstempel:
0x50c7e94a Name des fehlerhaften Moduls: XAudio2_7.dll, Version: 9.29.1962.0, Zeitstempel:
0x4c0641e5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002526c ID des fehlerhaften Prozesses:
0xbc8 Startzeit der fehlerhaften Anwendung: 0x01cddc5d515706d5 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops
II\t6mp.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\XAudio2_7.dll Berichtskennung:
75e1540d-4853-11e2-be6f-bcaec5e393b3 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error - 17.12.2012 12:00:03 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: t6zm.exe, Version: 1.0.0.1, Zeitstempel:
0x50c7e9e3 Name des fehlerhaften Moduls: t6zm.exe, Version: 1.0.0.1, Zeitstempel:
0x50c7e9e3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000875f0 ID des fehlerhaften Prozesses:
0x19a0 Startzeit der fehlerhaften Anwendung: 0x01cddc6f85bf8ef0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops
II\t6zm.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Steam\steamapps\common\Call
of Duty Black Ops II\t6zm.exe Berichtskennung: d1433d4a-4862-11e2-be6f-bcaec5e393b3
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 18.12.2012 09:25:37 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.12.2012 09:25:38 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.12.2012 11:51:29 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.12.2012 11:51:29 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.12.2012 07:49:59 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.12.2012 07:49:59 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.12.2012 09:30:42 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.12.2012 09:30:43 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Canon\Solution Menu EX\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 16.12.2012 12:43:56 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 16.12.2012 13:27:36 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 16.12.2012 13:29:36 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 16.12.2012 13:29:36 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 16.12.2012 15:36:22 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 17.12.2012 09:29:16 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 17.12.2012 09:29:18 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 17.12.2012 10:44:31 | Computer Name = PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 18.12.2012 11:49:58 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 18.12.2012 11:49:59 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
< End of report >
Gmer Log ist zu lang... edit: ups, hab ja ein 64 bit System (Windows 8 Pro 64 bit). Gmer war also überflüssig? |
|
21.12.2012, 13:23
| #4 |
| /// Selecta Jahrusso | .exe Datei wurde einfach gedownloadet Sieht alles OK aus.
Code:
ATTFilter :otl
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
:commands
[emptytemp]
ESET Online Scanner
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
22.12.2012, 11:57
| #5 | |
| | .exe Datei wurde einfach gedownloadet Ok, hier die Logs. Ich hatte letztens 2 Programme installiert und seitdem sehe ich 2 unbekannte Verknüfungen ("Search the web" "Sweetfixpc"). Desweiteren wurde eine Toolbar für den IE mitinstalliert. Vielleicht kannst du mir helfen die zu entfernen. Zitat:
all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=dff6ed55c5538a4c82de755f8dc1ffaa # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2012-12-22 11:51:11 # local_time=2012-12-22 12:51:11 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=5893 16776574 100 94 500105 12906983 0 0 # scanned=167470 # found=1 # cleaned=0 # scan_time=3072 C:\Users\Duc\Downloads\vlc-2.0.4-win64.exe Win32/StartPage.OPH trojan (unable to clean) 19C2F2D8240ECE94024EB39A413F3B554E56B20D I |
|
22.12.2012, 16:34
| #6 |
| /// Selecta Jahrusso | .exe Datei wurde einfach gedownloadet Sehen wir mal nach. Direkte Malware sehe ich in den Logs keine  Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> .exe Datei wurde einfach gedownloadet |
|
23.12.2012, 13:19
| #7 | |
| | .exe Datei wurde einfach gedownloadet Vielen Dank, die Verknüpfungen sind weg. Kann ich jetzt bedenkenlos Online-Banking weiter machen? Zitat:
|
|
23.12.2012, 18:11
| #8 |
| /// Selecta Jahrusso | .exe Datei wurde einfach gedownloadet Ja, kannst du. Wenn du mit Defogger irgendwelche Treiber deaktiviert hast, starte bitte Defogger und klicke den Re-enable Button. Defogger wir gegebenfalls einen Neustart verlangen. Dies bitte zulassen. Wichtig: Sollte es eine Fehlermeldung geben, poste bitte die Defogger_reenable Log hier. Downloade dir bitte OTC Starte das Tool mit Doppelklick. Dies wird die meisten Logfiles, Tools usw die wir benötigt haben, entfernen. Sollte etwas bestehen bleiben, bitte manuell löschen. Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
28.12.2012, 03:23
| #9 |
| /// Selecta Jahrusso | .exe Datei wurde einfach gedownloadet Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
23.02.2013, 17:17
| #10 |
| Administrator /// technical service  | .exe Datei wurde einfach gedownloadet hier gehts weiter: http://www.trojaner-board.de/131422-...7-0-0-1-a.html |
|
| Themen zu .exe Datei wurde einfach gedownloadet |
| administrator, anti-malware, autostart, bösartige, datei, dateien, download, e-banking, einfach, erlaubnis, explorer, gen, minute, online-banking, registrierung, scan, seite, speicher, speichern, test, update.exe, version, versucht, verzeichnisse, überprüfe, überprüfen |
Textbox.
Linear-Darstellung
