| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Infizierte Dateiobjekte in der RegistryWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.01.2013, 17:49
| #61 |
 |  Infizierte Dateiobjekte in der RegistryCode:
ATTFilter IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\authui.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\msiltcfg.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\msi.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\msi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\wdmaud.drv[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\AUDIOSES.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\msacm32.drv[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\midimap.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\netutils.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\SyncCenter.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\stobject.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\BatMeter.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\prnfldr.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\dxp.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\Syncreg.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\ehome\ehSSO.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\netshell.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\AltTab.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\pnidui.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\QUtil.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\wevtapi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\wpdshserviceobj.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\Actioncenter.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\fxsst.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\fxsst.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\FXSAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\PortableDeviceTypes.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\PortableDeviceApi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\srchadmin.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\UIAnimation.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\wlanutil.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\QAgent.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\imapi2.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\hgcpl.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\provsvc.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\PSAPI.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\ieframe.DLL[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\ieframe.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\ieframe.DLL[KERNEL32.dll!SuspendThread] [80060000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\werconcpl.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!SuspendThread] [80060000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\rasman.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\rtutils.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\hcproviders.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\SPPC.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WinSATAPI.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WinSATAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\dxgi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\twext.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\syncui.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\SYNCENG.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\acppage.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\NetworkExplorer.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\DeviceCenter.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!SuspendThread] [80060000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\FirewallAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\HelpPaneProxy.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\van.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\RasMM.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WWanMM.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WlanMM.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\OneX.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\eappprxy.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\eappcfg.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\System32\dwmapi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\hkcmd.exe[3452] @ C:\Windows\System32\dwmapi.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\System32\dwmapi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\System32\dwmapi.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\System32\IccLibDll_x64.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\system32\PSAPI.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\igfxpers.exe[3460] @ C:\Windows\System32\WINSTA.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\PSAPI.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\netutils.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\System32\MMDevApi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\System32\PROPSYS.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\AUDIOSES.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3640] @ C:\Windows\system32\PSAPI.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3640] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3640] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3640] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3640] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\NLAapi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\wshbth.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\System32\winrnr.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\PSAPI.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\COMDLG32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\oledlg.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\PSAPI.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateProcess] [80000000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateThread] [80030000]
IAT C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!TerminateProcess] [80000000]
---- Devices - GMER 2.0 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80049d62c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80049d62c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80049d62c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa80049d62c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80049d62c0
Device \FileSystem\Ntfs \Ntfs fffffa80049dc2c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa80055532c0
Device \Driver\cdrom \Device\CdRom0 fffffa80053032c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{ED1D7B55-04AB-40A4-B957-EBC1E80911D4} fffffa80053b52c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa80055532c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{1DE9DE4B-D0FC-47E6-BC06-204E2E20AB45} fffffa80053b52c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa80055532c0
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80049d22c0
Device \Driver\volmgr \Device\FtControl fffffa80049d22c0
Device \Driver\volmgr \Device\VolMgrControl fffffa80049d22c0
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80049d22c0
Device \Driver\volmgr \Device\HarddiskVolume3 fffffa80049d22c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{6FE6BAC3-E33E-46EB-8477-B5A8961B8F76} fffffa80053b52c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80053b52c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{D6E59064-F253-4315-9797-CC562B8FC2D9} fffffa80053b52c0
Device \Driver\atapi \Device\ScsiPort0 fffffa80049d62c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa80055532c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80049d62c0
Device \Driver\atapi \Device\ScsiPort2 fffffa80049d62c0
---- Trace I/O - GMER 2.0 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys >>UNKNOWN [0xfffffa80049d62c0]<< sprn.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80049d62c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d78790] fffffa8004d78790
Trace 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004c95cb0] fffffa8004c95cb0
Trace 5 stdcfltn.sys[fffff88001b19c52] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b42680] fffffa8004b42680
Trace \Driver\atapi[0xfffffa8004aa0dd0] -> IRP_MJ_CREATE -> 0xfffffa80049d62c0 fffffa80049d62c0
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77376d1a7c
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77376d1a7c (not active ControlSet)
---- EOF - GMER 2.0 ----
|
|
01.02.2013, 09:38
| #62 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Infizierte Dateiobjekte in der Registry Bitte hab noch etwas Geduld, das ist hier ein sehr schwieriger Fall. Ich berate das gerade mit meinen anderen Kollegen.
__________________
__________________ |
|
01.02.2013, 09:43
| #63 |
| | Infizierte Dateiobjekte in der Registry Kein Problem. Ich bin dir (bzw. euch) sehr dankbar, dass du so viel Zeit und Energie investierst!
__________________Herzliche Grüße Jasmina Hallo Cosinus, ich habe noch mal einen Scan mit Avira gemacht. Und da kam eine Meldung zu einem versteckten , dass beim Rootkitscan gefunden wurde. So weit ich mich erinnere war die Meldung vorher noch nicht da. Ich poste dir hier mal den Bericht. Vielleicht nützt es ja was? Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 1. Februar 2013 15:29
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Administrator
Computername : NICOJAS-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 04.12.2012 14:37:47
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15
LUKE.DLL : 13.6.0.400 67360 Bytes 04.12.2012 11:13:05
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 04.12.2012 14:37:55
AVREG.DLL : 13.6.0.406 248096 Bytes 04.12.2012 17:40:31
avlode.dll : 13.6.1.402 428832 Bytes 04.12.2012 14:36:57
avlode.rdf : 13.0.0.36 10917 Bytes 29.01.2013 13:12:36
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 12:43:11
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 15:13:05
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 15:13:05
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 15:13:05
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 15:13:05
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 15:13:05
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 15:13:05
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 15:13:06
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 15:13:06
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 15:13:06
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 15:13:07
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 15:13:07
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 15:13:07
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 15:13:08
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 15:13:08
VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 18:46:05
VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 19:19:22
VBASE024.VDF : 7.11.58.119 137728 Bytes 24.01.2013 06:07:19
VBASE025.VDF : 7.11.58.175 132608 Bytes 25.01.2013 06:45:30
VBASE026.VDF : 7.11.58.213 116736 Bytes 27.01.2013 13:27:52
VBASE027.VDF : 7.11.59.68 1887744 Bytes 31.01.2013 12:54:48
VBASE028.VDF : 7.11.59.69 2048 Bytes 31.01.2013 12:54:48
VBASE029.VDF : 7.11.59.70 2048 Bytes 31.01.2013 12:54:48
VBASE030.VDF : 7.11.59.71 2048 Bytes 31.01.2013 12:54:48
VBASE031.VDF : 7.11.59.100 101888 Bytes 01.02.2013 12:03:56
Engineversion : 8.2.10.244
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.86 467323 Bytes 31.01.2013 18:55:40
AESCN.DLL : 8.1.10.0 131445 Bytes 19.01.2013 15:13:15
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 19.01.2013 15:13:15
AEPACK.DLL : 8.3.1.2 819574 Bytes 19.01.2013 15:13:15
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 14:00:38
AEHEUR.DLL : 8.1.4.192 5710199 Bytes 31.01.2013 18:55:40
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.6.16 434549 Bytes 25.01.2013 06:07:20
AEEXP.DLL : 8.3.0.18 188789 Bytes 31.01.2013 18:55:40
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 19.01.2013 15:13:10
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 28.11.2012 14:05:52
AVREP.DLL : 13.4.0.360 177952 Bytes 28.11.2012 14:06:10
AVARKT.DLL : 13.6.0.402 260384 Bytes 04.12.2012 14:36:03
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 04.12.2012 11:04:02
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 28.11.2012 14:07:51
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.4.0.360 68384 Bytes 28.11.2012 14:09:40
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Suche nach Rootkits und aktiver Malware
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +JOKE,
Beginn des Suchlaufs: Freitag, 1. Februar 2013 15:29
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKAiOHostService.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKPrinterSDK.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'rfx-server.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'cchservice.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'rndlresolversvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'ccsync.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'stage_primary.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'EKIJ5000MUI.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'wintmr.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'stage_secondary.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'webtmr.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2980' Dateien ).
Ende des Suchlaufs: Freitag, 1. Februar 2013 15:42
Benötigte Zeit: 12:32 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
5 Verzeichnisse wurden überprüft
6722 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
6722 Dateien ohne Befall
48 Archive wurden durchsucht
0 Warnungen
1 Hinweise
793371 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
|
|
01.02.2013, 17:04
| #64 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der RegistryZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
01.02.2013, 18:54
| #65 |
| | Infizierte Dateiobjekte in der Registry Juchhuuuu! Du bist ein Held!   Ja, es war die Saalfeld KiSi. Ich habe sie nicht deinstalliert, sondern erst mal die Einstellungen geändert. Ich vermute, dass das mit dem letzten update entstanden ist. Werde mich mal mit der Firma in Verbindung setzen weil ich mich NIE selber aus dem Zugriff auf das System ausgeschlossen habe. Es tut mir wirklich sehr, sehr leid, dass du wegen so was so viel Arbeit mit mir hattest. Entschuldige bitte!  Also es funktioniert wieder die Systemwiederherstellung, abgesicherter Modus und die Einstellungen in der Registry sind auch wieder geändert. Danke, danke, danke 1000 Mal danke. Jetzt habe ich nur noch das Problem, dass sich bei Firefox immer Werbefenster öffnen, obwohl ich die Pop ups bei den Einstellungen abgehakt habe. Kannst du mir da einen Tipp geben?  |
|
01.02.2013, 19:11
| #66 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry Sehr geil, ich hatte das irgendwie schon vermutet, dann aber warum auch immer verdrängt. Bin wohl hier zu sehr im Multitasking  adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> Infizierte Dateiobjekte in der Registry |
|
02.02.2013, 08:55
| #67 |
| | Infizierte Dateiobjekte in der Registry Hallo Cosinus, alles erledigt. Hier die Ergebnisse:  Code:
ATTFilter # AdwCleaner v2.109 - Datei am 02/02/2013 um 08:58:56 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jasmina - NICOJAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jasmina.NICOJAS-PC\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
-\\ Google Chrome v [Version kann nicht ermittelt werden]
*************************
AdwCleaner[R4].txt - [965 octets] - [02/02/2013 08:24:06]
AdwCleaner[R5].txt - [1024 octets] - [02/02/2013 08:25:44]
AdwCleaner[S3].txt - [959 octets] - [02/02/2013 08:58:56]
########## EOF - C:\AdwCleaner[S3].txt - [1018 octets] ##########
Code:
ATTFilter OTL logfile created on: 02.02.2013 09:03:21 - Run 7 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jasmina.NICOJAS-PC\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,54% Memory free 7,79 Gb Paging File | 5,93 Gb Available in Paging File | 76,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 265,66 Gb Total Space | 85,14 Gb Free Space | 32,05% Space Free | Partition Type: NTFS Drive D: | 200,00 Gb Total Space | 199,45 Gb Free Space | 99,72% Space Free | Partition Type: NTFS Computer Name: NICOJAS-PC | User Name: Jasmina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jasmina.NICOJAS-PC\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe () PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () PRC - D:\Tobit Radio.fx\Server\rfx-server.exe () PRC - C:\Windows\SysWOW64\cchservice.exe (Salfeld Computer) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Radio.fx) -- D:\Tobit Radio.fx\Server\rfx-server.exe () SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (ksupmgr) -- C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 C1 6B 32 28 28 CD 01 [binary data] IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1005\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true FF - prefs.js..CT2481020.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.22 10:27:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 12:13:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.24 10:58:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 15:07:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.24 10:58:35 | 000,000,000 | ---D | M] [2012.05.20 09:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Extensions [2013.01.29 15:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Firefox\Profiles\zd0m12fn.default\extensions [2012.11.08 11:39:07 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Firefox\Profiles\zd0m12fn.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.02.25 12:43:49 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\extensions\personas@christopher.beard.xpi [2012.12.12 11:21:18 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.19 12:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.01.19 12:34:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.22 10:27:36 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2013.01.19 12:34:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.12.22 10:27:18 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - homepage: http://www.google.com/ CHR - Extension: YouTube = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Google Mail = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2013.01.31 15:35:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FE6BAC3-E33E-46EB-8477-B5A8961B8F76}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.02 08:21:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\OTL.exe [2013.02.01 09:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.01 09:18:06 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.01 09:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.01 09:16:26 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.70.0.1100.exe [2013.01.31 16:37:57 | 000,352,855 | ---- | C] (Farbar) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\FSS.exe [2013.01.31 15:38:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.01.31 15:35:27 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.31 15:28:45 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.01.31 14:06:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.31 14:06:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.31 14:06:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.31 14:06:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.31 14:05:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.31 13:59:17 | 005,028,839 | R--- | C] (Swearware) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\ComboFix.exe [2013.01.31 06:09:24 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Desktop 2013 [2013.01.30 17:37:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013.01.30 16:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies [2013.01.30 16:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2013.01.30 16:00:48 | 005,053,696 | ---- | C] (Macrovision Corporation) -- C:\Program Files\IsoBurner-Setup.exe [2013.01.30 09:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navilog1 [2013.01.29 15:25:41 | 000,246,216 | ---- | C] (Salfeld Computer) -- C:\Windows\SysWow64\wdrvhook.dll [2013.01.29 12:06:05 | 000,000,000 | ---D | C] -- C:\Device [2013.01.29 10:15:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.01.29 09:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc [2013.01.28 08:48:25 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Diagnostics [2013.01.27 16:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.24 11:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer [2013.01.24 11:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Viewer [2013.01.24 10:57:31 | 019,443,001 | ---- | C] (Tracker Software Products Ltd ) -- C:\Program Files\PDFXVwer.exe [2013.01.23 21:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dienstprogramme [2013.01.23 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.01.23 14:14:20 | 003,137,416 | ---- | C] (Secunia) -- C:\Program Files\PSISetup6001.exe [2013.01.21 12:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2013.01.20 17:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Antivirus Logs etc [2013.01.19 16:22:17 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup326.exe [2013.01.19 16:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Avira [2013.01.19 16:12:28 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.19 16:12:28 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.19 16:12:28 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.19 16:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.01.19 16:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.19 12:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.18 09:13:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.18 09:13:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.18 09:13:07 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.16 16:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Definitions [2013.01.16 16:42:12 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.01.14 08:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\20-20 Technologies [2013.01.10 08:31:56 | 020,151,664 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 18.0.exe [2013.01.09 15:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.01.09 06:39:45 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 06:39:45 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 06:39:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 06:39:31 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 06:39:20 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 06:39:20 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 06:39:20 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 06:39:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 06:39:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 06:39:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 06:39:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 06:39:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 06:39:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 06:39:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 06:39:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 06:39:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 06:39:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 06:39:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 06:39:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 06:39:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 06:39:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 06:39:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 06:39:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 06:39:19 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 06:39:19 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 06:39:18 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 06:39:18 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 06:39:18 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 06:39:18 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 06:39:18 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 06:39:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 06:39:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 06:38:46 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 06:38:46 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 06:38:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 06:38:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 06:38:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 06:38:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 06:38:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 06:38:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 06:38:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 06:38:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 06:38:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 06:38:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 06:38:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 06:38:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 06:38:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 06:38:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 06:38:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 06:38:16 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.06 11:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak [2013.01.06 11:43:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak [2013.01.06 11:42:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2013.01.06 11:35:42 | 010,000,984 | ---- | C] (Eastman Kodak Company) -- C:\Program Files\aio_install.exe [2013.01.04 08:37:05 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Programs [2012.12.22 10:27:43 | 000,016,384 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll [2012.12.22 10:27:42 | 001,115,376 | ---- | C] (Gracenote) -- C:\Program Files\cddbmusicid.dll [2012.12.22 10:27:42 | 000,943,344 | ---- | C] (Gracenote) -- C:\Program Files\cddblink.dll [2012.12.22 10:27:42 | 000,641,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll [2012.12.22 10:27:42 | 000,370,176 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll [2012.12.22 10:27:42 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll [2012.12.22 10:27:42 | 000,045,568 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll [2012.12.22 10:27:42 | 000,031,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll [2012.12.22 10:27:42 | 000,008,704 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe [2012.12.22 10:27:41 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll [2012.12.22 10:27:41 | 000,073,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll [2012.12.22 10:27:41 | 000,044,544 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll [2012.12.22 10:27:41 | 000,022,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll [2012.12.22 10:27:40 | 009,159,680 | ---- | C] (MediaArea.net) -- C:\Program Files\mediainfo.dll [2012.12.22 10:27:40 | 000,389,272 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realcleaner.exe [2012.12.22 10:27:40 | 000,056,320 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll [2012.12.22 10:27:40 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll [2012.12.22 10:27:40 | 000,044,736 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll [2012.12.22 10:27:31 | 000,383,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realconverter.exe [2012.12.22 10:27:31 | 000,354,968 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\convert.exe [2012.12.22 10:27:23 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll [2012.12.22 10:27:23 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Program Files\mc_enc_mp4v.dll [2012.12.22 10:27:23 | 000,389,272 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realtrimmer.exe [2012.12.22 10:27:23 | 000,136,336 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realshare.exe [2012.12.22 10:27:23 | 000,115,200 | ---- | C] (RealPlayer) -- C:\Program Files\rpshellextension.dll [2012.12.22 10:27:23 | 000,069,632 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll [2012.12.22 10:27:22 | 000,047,616 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll [2012.12.22 10:27:18 | 000,030,368 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rndevicedbbuilder.exe [2012.12.22 10:27:17 | 000,112,824 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll [2012.12.22 10:27:17 | 000,087,552 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\hxaudiodevicehook.dll [2012.12.22 10:27:17 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll [2012.12.22 10:27:17 | 000,070,840 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll [2012.12.22 10:27:17 | 000,017,080 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe [2012.12.22 10:27:17 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe [2012.12.22 10:27:16 | 000,500,888 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe [2012.12.22 08:43:14 | 000,766,272 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer16_de.exe [2012.11.22 09:36:25 | 019,650,144 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 17.0.exe [2012.11.22 09:35:36 | 019,231,504 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 17.0.exe [2012.11.13 11:16:01 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Program Files (x86)\jxpiinstall.exe [2012.11.13 10:15:40 | 018,090,960 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 16.0.2.exe [2012.11.13 10:11:21 | 018,580,512 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 16.0.2.exe [2012.11.02 13:40:21 | 000,955,488 | ---- | C] (NCH Software) -- C:\Program Files\wpsetup-5.18.exe [2012.11.01 14:39:24 | 009,814,632 | ---- | C] (Ashampoo GmbH & Co. KG ) -- C:\Program Files\ashampoo_burning_studio_6_free_6.81_3639.exe [2012.10.15 15:25:45 | 005,922,048 | ---- | C] (ManiacTools.com ) -- C:\Program Files\m4a-to-mp3-70converter.exe [2012.09.20 06:45:49 | 008,782,120 | ---- | C] (Tobit.Software) -- C:\Program Files\radiorecorder-setup.exe [2012.09.11 12:51:11 | 014,894,636 | ---- | C] (Gougelet Pierre-e ) -- C:\Program Files\XnView1991-win-full-de.exe [2012.09.07 06:33:50 | 017,653,976 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 15.0.1.exe [2012.08.30 06:12:27 | 018,365,488 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 15.0.exe [2012.08.30 06:10:52 | 017,655,464 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 15.0.exe [2012.08.25 14:15:13 | 076,021,168 | ---- | C] (The GIMP Team ) -- C:\Program Files\gimp-2.8.2-setup.exe [2012.08.12 12:22:26 | 018,503,824 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 14.0.exe [2012.06.12 06:31:47 | 013,107,424 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe [2012.06.12 06:09:52 | 018,362,696 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 13.0.exe [2012.06.11 18:11:49 | 017,301,984 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe [2012.06.11 17:27:14 | 016,418,456 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 13.0.exe [2012.05.19 22:53:40 | 001,292,648 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web_15.4.3555.exe [2012.05.15 12:30:33 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe [2012.05.02 06:57:45 | 016,179,464 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 12.0.exe [2012.04.30 17:46:07 | 017,449,712 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 12.0.1.exe [2012.04.05 09:20:03 | 026,534,080 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Program Files (x86)\FreeAudioCDBurner.exe [2012.04.02 12:04:59 | 027,672,000 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Program Files (x86)\FreeYouTubeToiPodConverter_3.10.17.exe [2012.02.25 09:42:27 | 006,674,008 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files (x86)\Shockwave_Installer_Slim.exe [2012.02.25 09:40:38 | 039,401,336 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\QuickTimeInstaller.exe [2012.02.24 10:16:36 | 000,763,408 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe [2008.04.11 09:09:24 | 000,093,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1049.dll [2008.04.11 07:03:48 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.exe [2008.04.11 07:03:48 | 000,097,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1036.dll [2008.04.11 07:03:48 | 000,096,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.3082.dll [2008.04.11 07:03:48 | 000,096,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1031.dll [2008.04.11 07:03:48 | 000,095,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1040.dll [2008.04.11 07:03:48 | 000,091,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1033.dll [2008.04.11 07:03:48 | 000,081,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1041.dll [2008.04.11 07:03:48 | 000,079,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1042.dll [2008.04.11 07:03:48 | 000,076,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1028.dll [2008.04.11 07:03:48 | 000,075,792 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.2052.dll ========== Files - Modified Within 30 Days ========== [2013.02.02 09:07:42 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.02 09:07:42 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.02 09:07:34 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.02 09:07:34 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.02 09:07:34 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.02 09:07:34 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.02 09:07:34 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.02 09:02:23 | 000,001,226 | ---- | M] () -- C:\Windows\SysWow64\excltmp~.dat [2013.02.02 09:00:53 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.02 09:00:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.02 09:00:02 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys [2013.02.02 08:58:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.02 08:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.02 08:22:48 | 000,012,632 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\otl anweisung.odt [2013.02.02 08:21:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\OTL.exe [2013.02.02 08:21:06 | 000,580,235 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\adwcleaner.exe [2013.02.02 08:02:01 | 000,000,475 | ---- | M] () -- C:\NET.INI [2013.02.01 18:40:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err [2013.02.01 09:18:07 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.01 09:16:28 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.70.0.1100.exe [2013.01.31 17:07:08 | 000,365,568 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\gmer_2.0.18454.exe [2013.01.31 16:37:58 | 000,352,855 | ---- | M] (Farbar) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\FSS.exe [2013.01.31 15:42:13 | 000,000,024 | ---- | M] () -- C:\Windows\SysWow64\SWCTL.DLL [2013.01.31 15:35:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.31 14:00:01 | 005,028,839 | R--- | M] (Swearware) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\ComboFix.exe [2013.01.30 16:25:48 | 296,022,016 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\kav_rescue_10.iso [2013.01.30 16:02:13 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2013.01.30 16:00:50 | 005,053,696 | ---- | M] (Macrovision Corporation) -- C:\Program Files\IsoBurner-Setup.exe [2013.01.28 08:32:54 | 000,007,604 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\resmon.resmoncfg [2013.01.27 20:28:27 | 000,013,806 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Admin.odt [2013.01.24 10:58:04 | 019,443,001 | ---- | M] (Tracker Software Products Ltd ) -- C:\Program Files\PDFXVwer.exe [2013.01.24 09:53:56 | 000,002,767 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\recently-used.xbel [2013.01.23 14:20:55 | 000,001,089 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.01.23 14:14:26 | 003,137,416 | ---- | M] (Secunia) -- C:\Program Files\PSISetup6001.exe [2013.01.21 12:14:10 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.01.19 16:22:18 | 004,178,040 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup326.exe [2013.01.19 16:04:21 | 105,661,272 | ---- | M] () -- C:\Program Files\avira_free_antivirus_de.exe [2013.01.19 12:24:55 | 000,012,793 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze 2.odt [2013.01.19 12:24:25 | 000,013,615 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Verben 2.odt [2013.01.19 12:23:47 | 000,016,176 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze-Lösungen 2.odt [2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.10 08:33:13 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.10 08:32:39 | 020,151,664 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 18.0.exe [2013.01.10 08:29:37 | 017,301,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe [2013.01.09 16:27:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 16:27:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 12:09:59 | 000,424,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.06 11:35:52 | 010,000,984 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\aio_install.exe ========== Files Created - No Company Name ========== [2013.02.02 08:22:46 | 000,012,632 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\otl anweisung.odt [2013.02.02 08:21:05 | 000,580,235 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\adwcleaner.exe [2013.02.01 18:39:46 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\cchservice.err [2013.02.01 09:18:07 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.31 17:04:25 | 000,365,568 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\gmer_2.0.18454.exe [2013.01.31 15:42:13 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2013.01.31 14:06:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.31 14:06:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.31 14:06:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.31 14:06:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.31 14:06:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.30 16:10:48 | 296,022,016 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\kav_rescue_10.iso [2013.01.30 16:02:13 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2013.01.28 08:41:33 | 000,013,806 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Admin.odt [2013.01.28 08:32:13 | 000,007,604 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\resmon.resmoncfg [2013.01.25 07:30:50 | 000,001,226 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat [2013.01.24 09:53:56 | 000,002,767 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\recently-used.xbel [2013.01.23 21:06:22 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk [2013.01.23 14:20:55 | 000,001,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.01.23 14:20:55 | 000,001,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.01.19 12:24:53 | 000,012,793 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze 2.odt [2013.01.19 12:24:23 | 000,013,615 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Verben 2.odt [2013.01.19 12:19:06 | 000,016,176 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze-Lösungen 2.odt [2012.12.22 10:27:42 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg [2012.12.22 10:27:40 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi [2012.12.22 10:27:40 | 000,067,473 | ---- | C] () -- C:\Program Files\realplay.chm [2012.12.22 10:27:40 | 000,027,278 | ---- | C] () -- C:\Program Files\frw.bmp [2012.12.22 10:27:40 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon [2012.12.22 10:27:31 | 000,476,724 | ---- | C] () -- C:\Program Files\converter.vs [2012.12.22 10:27:23 | 000,045,428 | ---- | C] () -- C:\Program Files\sharemedia.vs [2012.12.22 10:27:23 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf [2012.12.22 10:27:22 | 000,033,157 | ---- | C] () -- C:\Program Files\RealNetworks License.html [2012.12.22 10:27:22 | 000,033,157 | ---- | C] () -- C:\Program Files\playrlic.html [2012.12.22 10:27:21 | 001,109,306 | ---- | C] () -- C:\Program Files\normal.vs [2012.12.22 10:27:21 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs [2012.12.22 10:27:21 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat [2012.12.22 10:27:17 | 000,001,161 | ---- | C] () -- C:\Program Files\autoplaylist.dat [2012.12.22 10:27:17 | 000,000,043 | ---- | C] () -- C:\Program Files\strs23.dat [2012.12.22 10:27:17 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat [2012.12.22 10:27:16 | 000,427,405 | ---- | C] () -- C:\Program Files\calibrate.rv [2012.12.22 10:27:16 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm [2012.12.22 10:27:16 | 000,000,221 | ---- | C] () -- C:\Program Files\subscription.rnx [2012.12.22 10:27:16 | 000,000,177 | ---- | C] () -- C:\Program Files\freeoffers.rnx [2012.12.15 13:46:18 | 022,916,830 | ---- | C] () -- C:\Program Files\vlc-2.0.5-win32.exe [2012.12.15 13:06:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.09.27 10:19:36 | 000,013,824 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.20 06:46:53 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2012.08.29 08:03:59 | 000,160,350 | ---- | C] () -- C:\Program Files\JavaRa.zip [2012.08.29 07:42:01 | 009,672,192 | ---- | C] () -- C:\Program Files\Adobe_Flash_Player_AX_11.4.402.265_SPS.exe [2012.08.29 07:41:24 | 015,567,360 | ---- | C] () -- C:\Program Files\Adobe_AIR_3.4.0.2540_SPS.exe [2012.08.27 10:09:16 | 152,249,762 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2012.08.15 11:05:18 | 009,697,792 | ---- | C] () -- C:\Program Files\ShockwavePlayer_11.6.6.636_SPS.exe [2012.07.15 09:39:36 | 022,657,136 | ---- | C] () -- C:\Program Files\vlc-2.0.2-win32.exe [2012.06.27 07:54:46 | 009,679,360 | ---- | C] () -- C:\Program Files\Shockwaveplayer_11.6.4.634.exe [2012.06.17 18:54:57 | 000,000,271 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\burnaware.ini [2012.06.12 06:48:02 | 007,656,960 | ---- | C] () -- C:\Program Files\cortona3d.msi [2012.06.12 06:05:13 | 000,441,829 | ---- | C] () -- C:\Program Files\ade-tb-13.0.c.xpi [2012.06.11 08:53:53 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.05.29 09:37:28 | 151,893,470 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_de.exe [2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.05.22 06:51:22 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.05.19 14:32:36 | 000,278,643 | ---- | C] () -- C:\Program Files\fast_video_download-4.1.6-fx.zip [2012.05.19 14:22:36 | 196,941,888 | ---- | C] () -- C:\Program Files\ALDI Bestellsoftware Setup.exe [2012.05.11 07:57:44 | 029,272,056 | ---- | C] () -- C:\Program Files\SaalDesignSoftware2.9.2.exe [2012.05.05 16:00:03 | 004,998,707 | ---- | C] () -- C:\Program Files\flvplayer_setup20_25.exe [2012.03.27 12:48:40 | 000,253,952 | ---- | C] () -- C:\Program Files\OOo_3.3.9567.500.exe [2012.02.25 09:57:51 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2012.02.25 09:57:49 | 000,000,626 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2012.02.25 09:38:55 | 004,998,707 | ---- | C] () -- C:\Program Files (x86)\flvplayer_setup20_25.exe [2012.02.24 16:58:29 | 000,000,140 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2012.02.24 11:05:44 | 018,980,864 | ---- | C] () -- C:\Program Files\SkypeSetup_5.8.0.156.msi [2012.02.24 10:48:18 | 031,870,976 | ---- | C] () -- C:\Program Files\PXCViewer_x6425201.msi [2012.02.24 10:47:54 | 001,376,768 | ---- | C] () -- C:\Program Files\7z920-x64.msi [2012.02.24 10:35:22 | 105,661,272 | ---- | C] () -- C:\Program Files\avira_free_antivirus_de.exe [2012.02.24 10:15:24 | 168,166,968 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe [2012.02.22 08:07:19 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.11.30 01:26:12 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.11.30 01:26:09 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.30 01:26:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_6B071461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_5B011461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_3B011461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_1C011461_61.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin [2011.11.30 01:23:23 | 000,000,436 | ---- | C] () -- C:\Windows\11317231_1C0F1461_41.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_3B0f1461_ca.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin [2011.11.30 01:23:23 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin [2011.11.30 01:23:23 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin [2011.11.30 01:23:22 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin [2011.11.30 01:23:22 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin [2011.11.30 01:23:22 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_0B001461_aa.bin [2011.11.30 01:23:22 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin [2008.04.11 09:11:40 | 000,233,472 | ---- | C] () -- C:\Program Files\VC_RED.MSI [2008.04.11 09:09:38 | 003,797,292 | ---- | C] () -- C:\Program Files\VC_RED.cab [2008.04.11 09:07:18 | 000,005,686 | ---- | C] () -- C:\Program Files\vcredist.bmp [2008.04.11 09:07:18 | 000,001,110 | ---- | C] () -- C:\Program Files\globdata.ini [2008.04.11 09:07:18 | 000,000,843 | ---- | C] () -- C:\Program Files\install.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.02.2013 09:03:21 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jasmina.NICOJAS-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,54% Memory free
7,79 Gb Paging File | 5,93 Gb Available in Paging File | 76,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265,66 Gb Total Space | 85,14 Gb Free Space | 32,05% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 199,45 Gb Free Space | 99,72% Space Free | Partition Type: NTFS
Computer Name: NICOJAS-PC | User Name: Jasmina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B9EF93-80A8-4845-BBEA-E57E652BBCAF}" = rport=445 | protocol=6 | dir=out | app=system |
"{06E9E081-AF16-48F3-A65C-45D38EFFFDC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13482F04-C479-4714-A5ED-39793B8AAE1D}" = rport=139 | protocol=6 | dir=out | app=system |
"{13E37376-E86C-4019-A725-370DBA1C472E}" = rport=138 | protocol=17 | dir=out | app=system |
"{19ABAAFE-5469-4D69-ADA2-4699E51AAFCF}" = lport=445 | protocol=6 | dir=in | app=system |
"{22BA7DA7-E3C4-47BD-BD6A-B114541112F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2AA89C74-81DA-40D8-903C-81F5681F1A55}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{34E72618-0DA7-47D5-A7A0-F15510D9E758}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{482FEDE2-F7D7-4FCF-BC03-256AAC6974E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49716C09-3F9C-404E-B180-E4081D0BBDC8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4A808828-8225-46D2-87EC-5E577FAB1B3A}" = lport=139 | protocol=6 | dir=in | app=system |
"{6EEE79D5-2A03-486E-9097-D0C7BAD265DF}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{99CBA5AC-9892-45B9-8760-B588F1E908B0}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{A2DF74D5-A568-4A13-A040-D2D95D6C75DE}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3589360-384E-4156-A3A9-B670DC44F140}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ADCF185E-AB3F-49C7-B4C6-6FEECB08A98F}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9814FB7-C5B3-41F3-913D-6FC368B5C6E6}" = lport=138 | protocol=17 | dir=in | app=system |
"{F82628F2-3F45-4F25-BAAA-14803BF0F409}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE7700-6E5A-4350-9F44-2A7432769CCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{02F141FE-498D-4574-A66D-58E2561D793C}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{126782C9-2354-44F3-8F23-A92D102A4E93}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{2F2EB0A3-4B90-4E33-8C0C-80A6A9C83A72}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{2F5BDC80-D4CF-46DA-BFFF-FB1A05C2693B}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{300ACAB8-ACF5-4FC8-A2ED-1BF12C2151CD}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{36C3CA04-80CA-4D39-B6C5-AF220F844087}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{3AB28388-7EB4-46AA-8C6D-806B6571D56D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{3B630698-B25B-41DF-8EF9-E2B396B0B083}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{3CAEF7AF-5FBE-4237-9D6F-D6C0A7991314}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{3E609762-8618-4993-A50C-77D22F878630}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43CBC248-7E0B-477C-8DB0-449AE476C7D5}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{45B64134-8F9D-49F1-8940-F8D85BA68411}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{461D9763-7840-401C-8EA8-A9016EAFB6A0}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4B4AC4D5-F226-4ED8-91F7-5BF8E74E2912}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4D4EFD79-8431-489B-ACBF-22842823D940}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5CE13E4F-212C-42A3-98D7-C10DCBBAEAB8}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{6286D4F7-67FF-4293-AA87-AC04E642A996}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{673EE027-9D91-408D-8E7F-F9EAE8AA5195}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{7FBC02D6-A43E-46B5-B55E-F878996E72CA}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{80514CFD-8048-4C14-B844-9891D4854D21}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{83AF232F-8E60-4AE4-91F3-177AADA4C95D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{86B3BA1A-EB42-41EB-8BE5-ED2F3CCD803F}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{8A47FCBE-4950-4015-8D01-2C2AC9895ED7}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{8A76F869-12AA-4BBE-8D9F-B97FFECBF30E}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{91EB51CE-59DF-48E1-BAF4-52E98B8F4352}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{97EB7143-70C5-495B-B9AF-62423A6EB4CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{9B906E24-8273-4393-AA06-F8A6FDA9FFC3}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9E64C8F7-38F7-4211-9F24-27502D9F9377}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{A2834B87-C86E-4D08-90B2-DA67BCA1716B}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{A301FAD5-5412-4D17-BFE7-FECBF23E370B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A7F89437-5CF4-4291-AC2D-3A780F3ABEE7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD7E8F19-BBB9-4C22-A1A9-13145F003618}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BE688A9C-1735-4E3E-A89C-BC83633D49E9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{BF64C12D-723D-4411-A3FB-77E0F02E6A4A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{C290BE6A-1286-4F6B-8429-B0EC7335FEE4}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{C8790961-8656-4860-9076-A2D6623D10E5}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{CC860D3A-C81A-4786-878A-4D6E17556474}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CD406032-BF04-4303-912E-D7130F577CF8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CD7240F0-B94F-46EF-926F-AAE573567F82}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{DC484A61-D39E-484F-ABAC-79D0B001A970}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E590CA35-BF4B-43AB-AD11-E1DFA3E5E85F}" = dir=in | app=c:\program files (x86)\dell stage\videostage\videostage.exe |
"{EB9E90E3-6809-4C85-8486-954384E4415E}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"TCP Query User{2C129A0F-15ED-4EB5-B1D1-52762861834F}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{415EE727-2686-4681-A0CC-B633456BC9A1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{44F9B41D-F81E-4237-B65C-495E923A0A91}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{56412238-720A-46B5-A739-61A80F922067}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9B9701E4-29D1-4FF2-979C-8597475BDD6F}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{D1677699-5DF9-4125-9F3C-4687B71E4538}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{E0CFE6E6-8D1F-4EA9-8CB2-172678AAC4F5}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{01DE79D1-8DE7-4447-ADB8-56C8B3C7497B}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{2F8A7DF9-1087-41D1-8A2C-9992D60A33F1}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{40F012E4-AE29-44CC-BD71-803C69499479}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{5DEF9C85-2CF8-4430-B799-143CCE815566}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7D3AE024-0E92-4F74-A165-5F405D7115A1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{BA636B01-B9F1-4665-9285-7B080D1B5368}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{FC56FE20-5872-4926-A640-6CA999CC5F9B}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}" = Dell MusicStage
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DEACDFFA-D424-416F-B849-FA282F55B2CE}" = Cortona3D Viewer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.12.1
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"ExpressZip" = Express Zip
"FLV Player" = FLV Player 2.0 (build 25)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.32.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Kindersicherung_is1" = Kindersicherung 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MixPad" = MixPad Audiodatei-Mixer
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PrintProjects" = PrintProjects
"RealPlayer 16.0" = RealPlayer
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Tobit Radio.fx Server 1" = WDR RadioRecorder
"Video Converter" = Video Converter
"VLC media player" = VLC media player 2.0.5
"WavePad" = WavePad Audiobearbeitungs-Software
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.10.2012 06:21:15 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:24:30 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:24:30 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:26:43 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:26:43 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:26:53 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:26:53 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:27:03 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:27:03 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:44:26 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:44:26 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
[ Media Center Events ]
Error - 20.03.2012 15:11:39 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:11:34 - Fehler beim Herstellen der Internetverbindung. 20:11:34
- Serververbindung konnte nicht hergestellt werden..
Error - 20.03.2012 16:11:42 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:11:42 - Fehler beim Herstellen der Internetverbindung. 21:11:42
- Serververbindung konnte nicht hergestellt werden..
Error - 20.03.2012 16:11:51 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:11:47 - Fehler beim Herstellen der Internetverbindung. 21:11:47
- Serververbindung konnte nicht hergestellt werden..
Error - 05.05.2012 14:52:38 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:44:58 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )
Error - 22.05.2012 14:13:50 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:13:50 - Fehler beim Herstellen der Internetverbindung. 20:13:50
- Serververbindung konnte nicht hergestellt werden..
Error - 22.05.2012 14:14:07 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:13:55 - Fehler beim Herstellen der Internetverbindung. 20:13:55
- Serververbindung konnte nicht hergestellt werden..
Error - 13.07.2012 14:26:21 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:26:21 - Fehler beim Herstellen der Internetverbindung. 20:26:21
- Serververbindung konnte nicht hergestellt werden..
Error - 13.07.2012 14:26:39 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:26:27 - Fehler beim Herstellen der Internetverbindung. 20:26:27
- Serververbindung konnte nicht hergestellt werden..
Error - 24.08.2012 15:46:57 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:46:57 - Fehler beim Herstellen der Internetverbindung. 21:46:57
- Serververbindung konnte nicht hergestellt werden..
Error - 24.08.2012 15:47:42 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:47:11 - Fehler beim Herstellen der Internetverbindung. 21:47:11
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 01.02.2013 13:40:19 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.02.2013 13:40:19 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.02.2013 13:40:19 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.02.2013 13:40:19 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.02.2013 13:41:04 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 01.02.2013 13:41:33 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 02.02.2013 02:58:43 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 02.02.2013 02:59:21 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 02.02.2013 04:00:05 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 02.02.2013 04:00:35 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
< End of report >
Geändert von Rheingold (02.02.2013 um 09:17 Uhr) |
|
02.02.2013, 15:29
| #68 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry Mal ein Beispiel: Zitat:
Sonst sieht soweit alles gut aus, Funde gabs ja keine mehr und das mit der SWH war Gott sei Dank kein Schädling sondern lag an dieser Crapware von Kindersicherung  Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2013, 17:16
| #69 |
| | Infizierte Dateiobjekte in der Registry Hallo, danke für den Tipp mit den Setups. Ich wusste nicht, ob ich die löschen kann oder nicht. Die Firefox Einstellung zu Cookies nach jeder Sitzung löschen habe ich schon. Die genannten Programme werde ich installieren. Java (TM) 6 Update 33 kann ich nicht deinstallieren. Es kommt dann die Meldung "Es liegt ein dieses Windows Installer-Pakte betreffendes Problem vor. Eine für den Abschluss der Installation erforderliche DLL konnte nicht ausgeführt werden." Kann ich das einfach so belassen oder ist das eine Gefahrenquelle für meinen PC? Ansonsten ist alles wieder okay! Thanks a lot! Jasmina |
|
02.02.2013, 17:19
| #70 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry Java6u33 ist uralt, deinstallieren! Installiere falls du Java überhaupt brauchst das gerade jetzt aktuelle Java7u13 aber lass es am besten erstmal komplett weg. Java wird sogut wie garnicht mehr benötigt. Weitere Überprüfung der Plugins kannst du hier machen => https://www.mozilla.org/de/plugincheck/
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2013, 19:40
| #71 |
| | Infizierte Dateiobjekte in der Registry Java (TM) 6 Update 33 kann ich nicht deinstallieren. Es kommt dann die Fehlermeldung "Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Eine für den Abschluss der Installation erforderliche DLL konnte nicht ausgeführt werden".  Java 7 habe ich entfernt. VG, Jasmina |
|
03.02.2013, 01:31
| #72 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry Probier dein Glück hiermit => Revo Uninstaller - Download - Filepony
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.02.2013, 08:38
| #73 |
| | Infizierte Dateiobjekte in der Registry Hi Cosinus! Ja, mit Revo hat's funktioniert. Jetzt läuft alles wieder super! Ganz herzlichen Dank an dich und noch ein schönes Restwochenende! Viele Grüße, Jasmina  |
|
| Themen zu Infizierte Dateiobjekte in der Registry |
| ad-aware, aktion, anhang, avira, bösartig, ergebnisse, folge, folgendes, funktionier, gefunde, hoffe, infizierte, liste, logfile, meldung, microsoft, programme, registrierung, registry, scan, software, weiterhelfen, win32/sweetim.c, windows, windows.tool.disabled |
Linear-Darstellung
