Pests of all kinds and how to combat them: Clicked a link in a GMX mail - consequences???
03.03.2013, 18:39 | #1 |
| Clicked a link in a GMX mail - consequences??? Well, now it has happened to me too... An email came in via GMX, from an acquaintance, containing nothing but a link. Since I knew the sender, I was not as careful as usual and opened the link. Clicking the link opened an advertising page, which I closed again immediately. Stupidly, only afterwards did I ask the acquaintance whether the email really came from her, which of course was not the case. I still have the email with the link. Is there a way to check whether the link was infected with something and whether I have caught something? As a warning: I am older, did not grow up with PCs, am purely a user and really have ZERO knowledge of all the programs and steps I have read about here in other postings. So I do not know whether I can manage this on my own. I have Windows Vista on here and AVG Anti Virus Free Edition. A scan produced no results. But I am now worried that something could be there anyway, since the acquaintance's GMX account apparently sent the mail to her contacts without her intending it. I hope someone here can help me. And please explain it very simply, for dummies... |
03.03.2013, 19:42 | #2 |
/// Malware-holic | Clicked a link in a GMX mail - consequences??? Hi
The acquaintance should get in touch too. If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
03.03.2013, 21:59 | #3 |
| Clicked a link in a GMX mail - consequences??? I will tell her!
First of all, THANKS for the quick reply! I tried it with the program. I hope it is right this way. Here are the copied texts, which mean absolutely nothing to me:
OTL Logfile:
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.03.02 22:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2013.03.02 22:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices [2013.03.02 22:29:23 | 000,000,000 | 
---D | C] -- C:\Windows\SysWow64\spool [2013.03.02 20:58:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.02.22 13:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaalDesignSoftware [2013.02.20 21:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.18 14:27:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2013.02.18 14:27:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2013.02.18 14:27:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2013.02.18 14:27:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2013.02.18 14:27:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2013.02.18 14:27:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2013.02.12 16:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG ========== Files - Modified Within 30 Days ========== [2013.03.03 21:06:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.03 21:00:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 21:00:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 20:51:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.03 20:06:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.03 19:07:41 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.03 19:07:41 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.03 19:07:41 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.03 19:07:41 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.03 19:07:41 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.03 19:00:54 | 000,002,417 | ---- | M] () -- 
C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2013.03.03 19:00:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2013.03.03 18:59:49 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys [2013.03.02 22:34:11 | 000,389,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.02 22:28:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2013.03.02 22:28:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2013.03.02 21:33:45 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat [2013.03.02 21:33:45 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat [2013.03.02 21:33:45 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat [2013.03.02 21:33:45 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat [2013.03.02 21:33:22 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.02 21:33:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.25 13:55:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013.02.25 10:24:12 | 000,021,504 | ---- | M] () -- C:\Users\M***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.24 13:09:14 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.02.22 13:13:55 | 000,128,100 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2013.02.22 13:13:39 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk [2013.02.19 16:57:35 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.02.12 16:47:14 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk ========== Files Created - No Company Name ========== [2013.03.02 22:28:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2013.03.02 22:28:19 | 000,000,000 | -H-- | C] () -- 
C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2013.03.02 21:40:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.03.02 21:40:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.03.02 21:33:22 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.02 21:33:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.22 13:13:39 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk [2013.02.22 13:13:39 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\SaalDesignSoftware.lnk [2012.10.25 20:00:43 | 000,128,100 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.10.22 14:32:43 | 065,630,764 | ---- | C] () -- C:\Users\M***\goldhochzeit danksagung.cpr [2012.05.10 00:02:04 | 000,385,791 | ---- | C] () -- C:\Users\M***\bild.cpr [2012.05.09 23:20:08 | 000,445,455 | ---- | C] () -- C:\Users\M***\Goldhochzeit Einladung.cpr [2009.09.24 21:51:34 | 000,021,504 | ---- | C] () -- C:\Users\M***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.24 20:27:01 | 000,004,084 | ---- | C] () -- C:\Users\M***\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- 
| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.12 16:52:51 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\AVG [2012.12.27 09:34:16 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\AVG2013 [2013.01.19 22:57:19 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\FRITZ! [2012.06.23 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\IrfanView [2012.05.07 14:57:56 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\SaalDesignSoftware [2009.11.26 12:06:26 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\Template [2012.12.27 09:30:35 | 000,000,000 | ---D | M] -- C:\Users\M***\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2013.01.21 20:47:30 | 000,000,000 | -H-D | M] -- C:\$AVG [2009.09.24 20:25:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.09.24 20:24:45 | 000,000,000 | -H-D | M] -- C:\ACER [2013.02.18 14:35:42 | 000,000,000 | -HSD | M] -- C:\Boot [2013.03.02 22:33:06 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.09.24 20:20:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.01.20 22:23:30 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.03.02 22:30:01 | 000,000,000 | R--D | M] -- C:\Program Files [2013.03.02 22:30:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.21 21:54:23 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.09.24 20:20:04 | 000,000,000 | -HSD | M] -- C:\Programme [2013.03.03 21:18:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.05.29 09:36:56 | 000,000,000 | ---D | M] -- C:\USB_DRV [2013.01.21 21:57:13 | 000,000,000 | R--D | M] -- C:\Users [2013.03.02 22:30:56 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 16:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 16:42:03 | 000,032,510 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.01.31 16:10:29 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.01.31 16:10:31 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.05.10 00:02:05 | 000,385,791 | ---- | M] () -- C:\Users\M***\bild.cpr [2013.03.03 20:52:03 | 000,095,177 | ---- | M] () -- C:\Users\M***\DesktopStCenter.txt [2012.10.22 14:32:46 | 065,630,764 | ---- | M] () -- C:\Users\M***\goldhochzeit danksagung.cpr [2012.05.09 23:24:40 | 000,445,455 | ---- | M] () -- C:\Users\M***\Goldhochzeit Einladung.cpr [2013.03.03 21:16:57 | 003,932,160 | -HS- | M] () -- C:\Users\M***\ntuser.dat [2013.03.03 21:16:57 | 000,262,144 | -H-- | M] () -- C:\Users\M***\ntuser.dat.LOG1 [2009.09.24 20:23:13 | 000,000,000 | -H-- | M] () -- C:\Users\M***\ntuser.dat.LOG2 [2013.03.03 18:58:15 | 000,065,536 | -HS- | M] () -- C:\Users\M***\ntuser.dat{8de3c777-1d25-11e1-93c9-00226863864d}.TM.blf [2013.03.03 18:58:15 | 000,524,288 | -HS- | M] () -- 
C:\Users\M***\ntuser.dat{8de3c777-1d25-11e1-93c9-00226863864d}.TMContainer00000000000000000001.regtrans-ms [2011.12.02 21:52:34 | 000,524,288 | -HS- | M] () -- C:\Users\M***\ntuser.dat{8de3c777-1d25-11e1-93c9-00226863864d}.TMContainer00000000000000000002.regtrans-ms [2011.12.01 23:35:04 | 000,065,536 | -HS- | M] () -- C:\Users\M***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2011.06.09 15:44:34 | 000,524,288 | -HS- | M] () -- C:\Users\M***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2011.12.01 23:35:04 | 000,524,288 | -HS- | M] () -- C:\Users\M***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2009.09.24 20:23:14 | 000,000,020 | -HS- | M] () -- C:\Users\M***\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 03.03.2013 21:17:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M***\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,20% Memory free 8,19 Gb Paging File | 6,18 Gb Available in Paging File | 75,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,52 Gb Total Space | 131,30 Gb Free Space | 22,58% Space Free | Partition Type: NTFS Computer Name: M***-PC | User Name: M***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 2E 07 5C DF DC 0D CE 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{044C42F7-D6C3-4105-A4C4-27B70F249438}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{2189CECF-C105-4DE5-B118-6FD4AD565304}" = rport=138 | protocol=17 | dir=out | app=system | "{52737954-22DC-4647-AEFF-691FCCA3234A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{560AE39B-7EE8-4E13-9C72-7A1A82D4FBD4}" = lport=138 | protocol=17 | dir=in | app=system | "{5F881869-FED0-4B6C-B8AE-322B28EFC200}" = lport=137 | protocol=17 | dir=in | app=system | "{7F73A7B8-1EE5-401A-9DFA-DD0B94CFFAD9}" = rport=137 | protocol=17 | dir=out | app=system | "{8F5FA61C-46B3-4843-B39E-53579876A8F9}" = rport=139 | protocol=6 | dir=out | app=system | "{A33B628A-2A5E-458D-9BC5-7B9B68415035}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D99EFF63-7D05-47FE-A92B-E0D89E89D357}" = lport=139 | protocol=6 | dir=in | app=system | "{F6BC1D45-EC30-4052-889E-0124CCB3DAE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F95A954D-3491-4336-BF47-57FE14E3ABBB}" = lport=2869 | protocol=6 | dir=in | app=system | "{F9A8EBEE-EDCB-4FE8-B25A-9C8AB9F929EA}" = lport=445 | protocol=6 | dir=in | app=system | "{F9EFA409-7A48-4D89-AD7D-C1BCD7167A71}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B4A6705-E43D-4D53-AA55-10DE7F5FA945}" = protocol=17 | dir=in | app=c:\program 
files\fritz!dsl\webwaigd.exe | "{1B22A208-5A9C-48C8-8564-738324C33AE8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{20D4BD3D-20E0-468E-9160-3AA1AB8D515B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{23F008E6-B762-45ED-99F8-0C7572A6833C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{282CB714-DD17-4801-9702-BFF6D9A0BE49}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{2A7073F3-AD5B-409E-BCCA-E500619F3D2D}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{4158D142-55C0-4F19-88B7-283C2A3BBAE5}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{49EA9684-3675-43FD-8EB2-98E060D1709E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{57F3061E-6050-4D2F-99B8-7F9B0276AE30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5929140B-78E3-47D5-9C1E-9A1BDADBA8A0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5AD83EE9-65EA-466D-B18D-1B2E4AB7E9ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6D63FEE0-37BD-4E66-B672-D704B4B1DB14}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{6E768AAA-6ADF-42E2-B1DB-7DBAA598DA2E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{73EBC70A-8A04-44FF-A242-078CD36CBC48}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{7846CB16-F865-4469-9EBD-BF8C67EE1F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\republic heroes\republic heroes.exe | "{7D506531-58F9-4C92-A723-BDA9718AE84D}" = protocol=6 | dir=in | app=c:\users\martina\videos\videoconverter_setup.exe | "{7DA5B639-B2F9-468C-8EC0-C1CF073D4902}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{7FA5136B-BABF-456F-9049-9C89411DD4AF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{89A6F7E8-5CA0-4A63-BA83-F5CF112267C6}" = protocol=17 | 
dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{8BC50950-E470-49B7-BD0C-9FF014B81195}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{8BF72D24-120F-4DC4-B790-F129E6BD07BB}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\republic heroes\republic heroes.exe | "{95079805-C655-4549-85D9-80F66AF7B0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{A2F8DBBF-4DD9-4EFB-9FA6-545597E37DCB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{ACFB6C97-B680-4FD5-BECA-C4390361B354}" = protocol=17 | dir=in | app=c:\users\m***\videos\videoconverter_setup.exe | "{C444EFE0-231A-4500-9D5C-87940A753506}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{CAE50B08-CF22-49DC-98A8-59D1BF7A0C11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{CB7C461A-1D64-4AB8-AC03-C7B521D3ECE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D14E93AE-65F9-4ADD-BAB9-5D3B88416C20}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{D3DDBC4D-A053-4711-BB0D-D164D2AF2667}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{D8050D3C-1797-430C-8B06-D4A76BE99C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{D97D1DA2-68AB-4E13-8723-40C1007F6DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{DC7DA785-D855-45C6-AD1A-8B523B2F3F28}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{DF6ABCE0-931A-44CE-8165-9B62BC22DEAC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E5D9178B-27E5-40E3-9FD7-29058F31DFC2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{E85FA4F5-38FA-4538-9B2F-7A1453BEEA9D}" = protocol=17 | dir=in | app=c:\program files 
(x86)\avg\avg2013\avgnsa.exe | "{F6766F9E-61CF-40D2-B7FE-38B2E6B14C3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2013 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NIS2009" = Norton Internet Security 2009 "NVIDIA Drivers" = NVIDIA Drivers "Office2007" = Microsoft Office Home and Student "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Works9se" = Microsoft Works 9.0 SE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC "{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials "{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™ "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0 "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR 
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup "{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.0.1.0 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft 
Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{98C25937-BE36-D16A-F0F6-C66F6173CFA6}" = Saal Design Software "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A8C2A0AE-FBF8-4B0D-A541-F434D80E55B2}" = Windows Vista Demo Screen Saver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "APU" = CANON iMAGE GATEWAY Album Plugin Utility "AVG Secure Search" = AVG Security Toolbar "Canon RAW Codec" = Canon RAW Codec "EasyBits Magic Desktop" = EasyBits Magic Desktop "Google Chrome" = Google Chrome "InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™ "IrfanView" = IrfanView (remove only) "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PremElem40" = Adobe Premiere Elements 4.0 "SaalDesignSoftware" = Saal Design Software "Tales of Monkey Island" = Tales of Monkey Island "VLC media player" = VLC media player 1.1.11 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.09.2011 11:12:09 | Computer Name = M***-PC | Source = Software Licensing Service | ID = 1020 Description = Fehler beim Laden des Proxyausführungsschlüssels. 
hr=0xC004D401 Proxyausführungsrichtlinie=WindowsSearchEngine-Licensing-SearchEnabled Error - 05.09.2011 11:12:09 | Computer Name = M***-PC | Source = Software Licensing Service | ID = 1020 Description = Fehler beim Laden des Proxyausführungsschlüssels. hr=0xC004D401 Proxyausführungsrichtlinie=parentalcontrols-EnableFeature Error - 05.09.2011 11:12:09 | Computer Name = M***-PC | Source = Software Licensing Service | ID = 1020 Description = Fehler beim Laden des Proxyausführungsschlüssels. hr=0xC004D401 Proxyausführungsrichtlinie=shell32-EnableProxyFeature Error - 05.09.2011 11:12:17 | Computer Name = M***-PC | Source = Winlogon | ID = 4102 Description = Die Windows-Lizenz ist ungültig. Fehler 0xC004F027. Richtlinienwert 0x00000000. Error - 05.09.2011 11:12:31 | Computer Name = M***-PC | Source = Software Licensing Service | ID = 8193 Description = Der Lizenzaktivierungsplaner (SLUINotify.dll) ist mit folgendem Fehlercode fehlgeschlagen: 0xC004D401 Error - 05.09.2011 11:12:55 | Computer Name = M***-PC | Source = Winlogon | ID = 4103 Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. Error - 05.09.2011 11:15:37 | Computer Name = M***-PC | Source = WinMgmt | ID = 10 Description = Error - 05.09.2011 15:11:47 | Computer Name = M***-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.09.2011 15:11:48 | Computer Name = M***-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
I tried to replace anything personal with ***, as far as I could find it in this gibberish text. Whether I always succeeded, I don't know, sigh! Was that OK like this? What happens next? |
04.03.2013, 20:09 | #4 |
/// Malware-holic | Clicked a link in a GMX mail - consequences??? Hi, OTL fix. Fixing with OTL
Code:
:OTL
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O8:64bit: - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
:files
:Commands
[emptytemp]
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.03.2013, 22:06 | #5 |
| Clicked a link in a GMX mail - consequences??? Hello Markus, I tried it the way you described, but "(Not responding)" kept appearing after OTL, the spinner kept turning forever and nothing happened. Oh, and when I pressed the Fix button, the text I had copied into the text box disappeared completely, except for the last term in brackets. Is that normal? Should I try again? Did I do something wrong? I restarted anyway, and the text document under C is empty. What should I do now? |
04.03.2013, 22:07 | #6 |
/// Malware-holic | Clicked a link in a GMX mail - consequences??? OK, first of all: please download TDSSKiller.exe and save this file to your desktop
|
04.03.2013, 22:20 | #7 |
| Clicked a link in a GMX mail - consequences??? I hope this is the right text that you need:
] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 22:13:24.0659 2640 BrSerWdm - ok 22:13:24.0674 2640 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 22:13:24.0752 2640 BrUsbMdm - ok 22:13:24.0783 2640 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 22:13:24.0877 2640 BrUsbSer - ok 22:13:24.0908 2640 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 22:13:24.0986 2640 BTHMODEM - ok 22:13:25.0002 2640 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:13:25.0080 2640 cdfs - ok 22:13:25.0142 2640 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:13:25.0205 2640 cdrom - ok 22:13:25.0251 2640 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 22:13:25.0298 2640 CertPropSvc - ok 22:13:25.0329 2640 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 22:13:25.0376 2640 circlass - ok 22:13:25.0423 2640 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 22:13:25.0673 2640 CLFS - ok 22:13:25.0860 2640 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:13:25.0907 2640 clr_optimization_v2.0.50727_32 - ok 22:13:25.0953 2640 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:13:25.0985 2640 clr_optimization_v2.0.50727_64 - ok 22:13:26.0141 2640 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:13:26.0172 2640 clr_optimization_v4.0.30319_32 - ok 22:13:26.0375 2640 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:13:26.0390 2640 clr_optimization_v4.0.30319_64 - ok 22:13:26.0453 2640 [ 
E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:13:26.0468 2640 cmdide - ok 22:13:26.0499 2640 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 22:13:26.0515 2640 Compbatt - ok 22:13:26.0515 2640 COMSysApp - ok 22:13:26.0531 2640 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 22:13:26.0546 2640 crcdisk - ok 22:13:26.0577 2640 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:13:26.0671 2640 CryptSvc - ok 22:13:26.0718 2640 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 22:13:26.0796 2640 DcomLaunch - ok 22:13:26.0843 2640 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:13:26.0921 2640 DfsC - ok 22:13:27.0061 2640 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 22:13:27.0279 2640 DFSR - ok 22:13:27.0311 2640 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 22:13:27.0357 2640 Dhcp - ok 22:13:27.0420 2640 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 22:13:27.0435 2640 disk - ok 22:13:27.0513 2640 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:13:27.0576 2640 Dnscache - ok 22:13:27.0591 2640 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 22:13:27.0654 2640 dot3svc - ok 22:13:27.0685 2640 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 22:13:27.0716 2640 DPS - ok 22:13:27.0763 2640 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:13:27.0794 2640 drmkaud - ok 22:13:28.0013 2640 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:13:28.0059 2640 DXGKrnl - ok 22:13:28.0106 2640 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 22:13:28.0137 2640 E1G60 - ok 22:13:28.0169 2640 [ 
C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 22:13:28.0231 2640 EapHost - ok 22:13:28.0278 2640 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 22:13:28.0293 2640 Ecache - ok 22:13:28.0325 2640 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:13:28.0418 2640 ehRecvr - ok 22:13:28.0434 2640 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 22:13:28.0449 2640 ehSched - ok 22:13:28.0481 2640 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 22:13:28.0559 2640 ehstart - ok 22:13:28.0590 2640 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 22:13:28.0637 2640 elxstor - ok 22:13:28.0683 2640 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 22:13:28.0871 2640 EMDMgmt - ok 22:13:28.0980 2640 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:13:29.0058 2640 ErrDev - ok 22:13:29.0136 2640 [ 23112102BC2A8FE44B8AC44A05BDF4C3 ] ETService C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe 22:13:29.0183 2640 ETService ( UnsignedFile.Multi.Generic ) - warning 22:13:29.0183 2640 ETService - detected UnsignedFile.Multi.Generic (1) 22:13:29.0229 2640 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 22:13:29.0292 2640 EventSystem - ok 22:13:29.0339 2640 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 22:13:29.0432 2640 exfat - ok 22:13:29.0448 2640 ezSharedSvc - ok 22:13:29.0495 2640 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:13:29.0604 2640 fastfat - ok 22:13:29.0651 2640 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:13:29.0682 2640 fdc - ok 22:13:29.0713 2640 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 22:13:29.0822 2640 fdPHost - ok 
22:13:29.0853 2640 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 22:13:29.0963 2640 FDResPub - ok 22:13:29.0978 2640 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:13:30.0072 2640 FileInfo - ok 22:13:30.0119 2640 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:13:30.0150 2640 Filetrace - ok 22:13:30.0368 2640 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 22:13:30.0524 2640 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 22:13:30.0524 2640 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 22:13:30.0587 2640 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:13:30.0618 2640 flpydisk - ok 22:13:30.0789 2640 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:13:30.0836 2640 FltMgr - ok 22:13:31.0195 2640 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 22:13:31.0460 2640 FontCache - ok 22:13:31.0507 2640 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:13:31.0523 2640 FontCache3.0.0.0 - ok 22:13:31.0647 2640 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:13:31.0741 2640 Fs_Rec - ok 22:13:31.0772 2640 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:13:31.0788 2640 gagp30kx - ok 22:13:31.0819 2640 GenericHidService - ok 22:13:31.0913 2640 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 22:13:31.0959 2640 gpsvc - ok 22:13:32.0022 2640 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:13:32.0037 2640 gupdate - ok 22:13:32.0053 2640 [ 8F0DE4FEF8201E306F9938B0905AC96A ] 
gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:13:32.0053 2640 gupdatem - ok 22:13:32.0084 2640 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:13:32.0100 2640 gusvc - ok 22:13:32.0147 2640 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:13:32.0225 2640 HdAudAddService - ok 22:13:32.0318 2640 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 22:13:32.0443 2640 HDAudBus - ok 22:13:32.0474 2640 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 22:13:32.0552 2640 HidBth - ok 22:13:32.0568 2640 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 22:13:32.0661 2640 HidIr - ok 22:13:32.0693 2640 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 22:13:32.0786 2640 hidserv - ok 22:13:32.0802 2640 [ D02C82CB3A20F391C8AEFF94E8E0BAA1 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:13:32.0849 2640 HidUsb - ok 22:13:32.0880 2640 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 22:13:33.0005 2640 hkmsvc - ok 22:13:33.0051 2640 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 22:13:33.0114 2640 HpCISSs - ok 22:13:33.0161 2640 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:13:33.0285 2640 HTTP - ok 22:13:33.0332 2640 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 22:13:33.0348 2640 i2omp - ok 22:13:33.0363 2640 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 22:13:33.0395 2640 i8042prt - ok 22:13:33.0426 2640 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 22:13:33.0519 2640 iaStorV - ok 22:13:33.0644 2640 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication 
Foundation\infocard.exe 22:13:33.0675 2640 idsvc - ok 22:13:33.0738 2640 [ AC9EBDE25DB39A35E1CEB0441BA7A464 ] IGDCTRL C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 22:13:33.0769 2640 IGDCTRL - ok 22:13:33.0800 2640 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:13:33.0816 2640 iirsp - ok 22:13:33.0847 2640 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 22:13:33.0894 2640 IKEEXT - ok 22:13:33.0972 2640 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys 22:13:33.0987 2640 int15 - ok 22:13:34.0065 2640 [ 504EAA8A5A61B051AD5B26205FC00E12 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 22:13:34.0128 2640 IntcAzAudAddService - ok 22:13:34.0175 2640 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 22:13:34.0190 2640 intelide - ok 22:13:34.0221 2640 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:13:34.0268 2640 intelppm - ok 22:13:34.0284 2640 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:13:34.0331 2640 IPBusEnum - ok 22:13:34.0346 2640 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:13:34.0393 2640 IpFilterDriver - ok 22:13:34.0424 2640 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:13:34.0487 2640 iphlpsvc - ok 22:13:34.0487 2640 IpInIp - ok 22:13:34.0502 2640 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 22:13:34.0549 2640 IPMIDRV - ok 22:13:34.0565 2640 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 22:13:34.0596 2640 IPNAT - ok 22:13:34.0611 2640 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:13:34.0674 2640 IRENUM - ok 22:13:34.0721 2640 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:13:34.0736 2640 isapnp - ok 
22:13:34.0939 2640 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 22:13:34.0955 2640 iScsiPrt - ok 22:13:34.0970 2640 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 22:13:34.0986 2640 iteatapi - ok 22:13:35.0017 2640 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 22:13:35.0033 2640 iteraid - ok 22:13:35.0064 2640 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:13:35.0079 2640 kbdclass - ok 22:13:35.0095 2640 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 22:13:35.0126 2640 kbdhid - ok 22:13:35.0204 2640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 22:13:35.0251 2640 KeyIso - ok 22:13:35.0267 2640 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:13:35.0298 2640 KSecDD - ok 22:13:35.0313 2640 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:13:35.0360 2640 ksthunk - ok 22:13:35.0454 2640 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 22:13:35.0501 2640 KtmRm - ok 22:13:35.0547 2640 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:13:35.0625 2640 LanmanServer - ok 22:13:35.0703 2640 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:13:35.0766 2640 LanmanWorkstation - ok 22:13:35.0781 2640 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:13:35.0844 2640 lltdio - ok 22:13:35.0984 2640 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:13:36.0015 2640 lltdsvc - ok 22:13:36.0047 2640 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:13:36.0093 2640 lmhosts - ok 22:13:36.0140 2640 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:13:36.0156 2640 
LSI_FC - ok 22:13:36.0171 2640 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:13:36.0187 2640 LSI_SAS - ok 22:13:36.0249 2640 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:13:36.0265 2640 LSI_SCSI - ok 22:13:36.0296 2640 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 22:13:36.0343 2640 luafv - ok 22:13:36.0359 2640 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:13:36.0374 2640 Mcx2Svc - ok 22:13:36.0421 2640 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 22:13:36.0437 2640 megasas - ok 22:13:36.0483 2640 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 22:13:36.0515 2640 MegaSR - ok 22:13:36.0561 2640 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 22:13:36.0624 2640 MMCSS - ok 22:13:36.0639 2640 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 22:13:36.0717 2640 Modem - ok 22:13:36.0733 2640 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:13:36.0780 2640 monitor - ok 22:13:36.0811 2640 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:13:36.0827 2640 mouclass - ok 22:13:36.0842 2640 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:13:36.0889 2640 mouhid - ok 22:13:36.0936 2640 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 22:13:36.0951 2640 MountMgr - ok 22:13:37.0029 2640 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:13:37.0045 2640 MozillaMaintenance - ok 22:13:37.0076 2640 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 22:13:37.0092 2640 mpio - ok 22:13:37.0107 2640 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv 
C:\Windows\system32\drivers\mpsdrv.sys 22:13:37.0170 2640 mpsdrv - ok 22:13:37.0201 2640 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 22:13:37.0263 2640 MpsSvc - ok 22:13:37.0279 2640 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 22:13:37.0295 2640 Mraid35x - ok 22:13:37.0326 2640 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:13:37.0357 2640 MRxDAV - ok 22:13:37.0388 2640 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:13:37.0435 2640 mrxsmb - ok 22:13:37.0451 2640 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:13:37.0482 2640 mrxsmb10 - ok 22:13:37.0497 2640 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:13:37.0513 2640 mrxsmb20 - ok 22:13:37.0560 2640 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 22:13:37.0575 2640 msahci - ok 22:13:37.0607 2640 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:13:37.0622 2640 msdsm - ok 22:13:37.0653 2640 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 22:13:37.0700 2640 MSDTC - ok 22:13:37.0778 2640 [ DF674BA7DA5A4753D839A905B66D2FD9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys 22:13:37.0825 2640 MSDV - ok 22:13:37.0856 2640 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:13:37.0934 2640 Msfs - ok 22:13:37.0950 2640 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:13:37.0965 2640 msisadrv - ok 22:13:38.0028 2640 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:13:38.0059 2640 MSiSCSI - ok 22:13:38.0059 2640 msiserver - ok 22:13:38.0121 2640 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:13:38.0168 2640 MSKSSRV - ok 22:13:38.0199 2640 [ 
52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:13:38.0246 2640 MSPCLOCK - ok 22:13:38.0262 2640 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:13:38.0324 2640 MSPQM - ok 22:13:38.0355 2640 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:13:38.0387 2640 MsRPC - ok 22:13:38.0402 2640 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 22:13:38.0402 2640 mssmbios - ok 22:13:38.0433 2640 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:13:38.0480 2640 MSTEE - ok 22:13:38.0496 2640 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 22:13:38.0511 2640 Mup - ok 22:13:38.0589 2640 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 22:13:38.0652 2640 napagent - ok 22:13:38.0699 2640 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:13:38.0714 2640 NativeWifiP - ok 22:13:38.0808 2640 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:13:38.0839 2640 NDIS - ok 22:13:38.0870 2640 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:13:38.0917 2640 NdisTapi - ok 22:13:39.0011 2640 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:13:39.0073 2640 Ndisuio - ok 22:13:39.0104 2640 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:13:39.0135 2640 NdisWan - ok 22:13:39.0151 2640 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:13:39.0198 2640 NDProxy - ok 22:13:39.0338 2640 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe 22:13:39.0479 2640 Nero BackItUp Scheduler 3 - ok 22:13:39.0525 2640 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS 
C:\Windows\system32\DRIVERS\netbios.sys 22:13:39.0588 2640 NetBIOS - ok 22:13:39.0603 2640 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 22:13:39.0635 2640 netbt - ok 22:13:39.0650 2640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 22:13:39.0666 2640 Netlogon - ok 22:13:39.0697 2640 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 22:13:39.0759 2640 Netman - ok 22:13:39.0775 2640 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 22:13:39.0822 2640 netprofm - ok 22:13:39.0837 2640 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:13:40.0212 2640 NetTcpPortSharing - ok 22:13:40.0274 2640 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:13:40.0321 2640 nfrd960 - ok 22:13:40.0524 2640 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 22:13:40.0571 2640 NlaSvc - ok 22:13:40.0649 2640 [ CD4326BC339F98DE21AA07B208A305AE ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe 22:13:40.0695 2640 NMIndexingService - ok 22:13:40.0742 2640 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:13:40.0789 2640 Npfs - ok 22:13:40.0820 2640 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 22:13:40.0914 2640 nsi - ok 22:13:40.0945 2640 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:13:41.0007 2640 nsiproxy - ok 22:13:41.0054 2640 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:13:41.0117 2640 Ntfs - ok 22:13:41.0148 2640 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 22:13:41.0226 2640 Null - ok 22:13:41.0288 2640 [ AE17AAE41FC47ADA0B989D1FA6FBA60B ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys 22:13:41.0366 2640 
NVENETFD - ok 22:13:41.0850 2640 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:13:42.0708 2640 nvlddmkm - ok 22:13:42.0739 2640 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:13:42.0755 2640 nvraid - ok 22:13:42.0786 2640 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:13:42.0817 2640 nvstor - ok 22:13:42.0879 2640 [ D1F5DCF8D5A55C0FBBFB49C0ED1F2F5D ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 22:13:42.0879 2640 nvstor64 - ok 22:13:42.0926 2640 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 22:13:42.0957 2640 nvsvc - ok 22:13:43.0020 2640 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 22:13:43.0098 2640 nvUpdatusService - ok 22:13:43.0145 2640 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:13:43.0160 2640 nv_agp - ok 22:13:43.0176 2640 NwlnkFlt - ok 22:13:43.0176 2640 NwlnkFwd - ok 22:13:43.0223 2640 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 22:13:43.0254 2640 ohci1394 - ok 22:13:43.0316 2640 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:13:43.0332 2640 ose - ok 22:13:43.0566 2640 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:13:43.0722 2640 osppsvc - ok 22:13:43.0769 2640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 22:13:43.0893 2640 p2pimsvc - ok 22:13:43.0925 2640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 22:13:43.0940 2640 p2psvc - ok 22:13:44.0003 2640 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 22:13:44.0065 2640 Parport - ok 22:13:44.0096 2640 [ 
B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:13:44.0112 2640 partmgr - ok 22:13:44.0127 2640 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 22:13:44.0205 2640 PcaSvc - ok 22:13:44.0252 2640 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 22:13:44.0268 2640 pci - ok 22:13:44.0361 2640 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys 22:13:44.0377 2640 pciide - ok 22:13:44.0393 2640 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:13:44.0408 2640 pcmcia - ok 22:13:44.0471 2640 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:13:44.0783 2640 PEAUTH - ok 22:13:44.0907 2640 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:13:44.0985 2640 PerfHost - ok 22:13:45.0048 2640 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 22:13:45.0126 2640 pla - ok 22:13:45.0157 2640 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe 22:13:45.0188 2640 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 22:13:45.0188 2640 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 22:13:45.0251 2640 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:13:45.0282 2640 PlugPlay - ok 22:13:45.0313 2640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 22:13:45.0344 2640 PNRPAutoReg - ok 22:13:45.0391 2640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 22:13:45.0438 2640 PNRPsvc - ok 22:13:45.0563 2640 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:13:45.0594 2640 PolicyAgent - ok 22:13:45.0625 2640 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:13:45.0656 2640 PptpMiniport - ok 
22:13:45.0703 2640 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 22:13:45.0750 2640 Processor - ok 22:13:45.0781 2640 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 22:13:45.0828 2640 ProfSvc - ok 22:13:45.0859 2640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 22:13:45.0906 2640 ProtectedStorage - ok 22:13:45.0999 2640 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 22:13:46.0031 2640 PSched - ok 22:13:46.0062 2640 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 22:13:46.0077 2640 PxHlpa64 - ok 22:13:46.0124 2640 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:13:46.0187 2640 ql2300 - ok 22:13:46.0202 2640 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:13:46.0218 2640 ql40xx - ok 22:13:46.0249 2640 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 22:13:46.0280 2640 QWAVE - ok 22:13:46.0327 2640 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:13:46.0343 2640 QWAVEdrv - ok 22:13:46.0374 2640 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:13:46.0421 2640 RasAcd - ok 22:13:46.0436 2640 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 22:13:46.0483 2640 RasAuto - ok 22:13:46.0499 2640 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:13:46.0530 2640 Rasl2tp - ok 22:13:46.0545 2640 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 22:13:46.0577 2640 RasMan - ok 22:13:46.0623 2640 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:13:46.0670 2640 RasPppoe - ok 22:13:46.0701 2640 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:13:46.0733 2640 
22:13:59.0868 2640 Scan finished
22:13:59.0883 4888 Detected object count: 3
22:13:59.0883 4888 Actual detected object count: 3
22:14:38.0447 4888 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:38.0447 4888 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:14:38.0447 4888 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:38.0447 4888 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:14:38.0447 4888 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:14:38.0447 4888 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip |
04.03.2013, 22:22 | #8 |
/// Malware-holic | Clicked a link in a GMX mail - consequences??? Looks fine. Scan with Combofix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.03.2013, 22:27 | #9 |
| Clicked a link in a GMX mail - consequences??? "Save Combofix to your desktop." When I download something, it automatically ends up under Downloads, from where I can open it with a double-click. Does it have to be saved to the desktop? Because I don't know how to do that. Like I said... user dummy *ashamed* |
04.03.2013, 22:28 | #10 |
/// Malware-holic | Clicked a link in a GMX mail - consequences??? Select it, right-click, cut, right-click on the desktop, paste |
04.03.2013, 22:40 | #11 |
| Clicked a link in a GMX mail - consequences??? Thanks. It's on the desktop now. And how do I post in CODE tags? No, I'm not playing dumb, I really am that clueless! But I just googled it. Those are these square brackets, right? Just a very quick update (since I'm writing from work): I ran Combofix yesterday following the instructions. After that the computer was restarted. Booting took a very long time, and in between the screen stays completely black for quite a while, but at some point it continues. Messages appeared saying that no response from Windows services was possible, plus some message about network membership. I then wanted to post the log file here for you, but had to find out that the PC can no longer get an Internet connection. Even after two restarts nothing changed. This evening I'll try whether I can get a connection with my child's laptop, so that I can post the data here for you. I'm already completely desperate, because I don't know whether I can get the Internet connection working again myself. Hmm, I don't know why my last message from yesterday evening and my message from the office ended up in one post. So, with my child's laptop I can still get onto the Internet, as you can see. The last program seems to have changed/deleted some setting, so that it no longer works from my PC. The error messages there were: Could not connect to a Windows service (System Event Notification Service). Also: Connection status: unknown. The dependency service or group failed to start. And the Fritzbox error diagnosis says: Error initializing Windows Sockets. And none of this means anything at all to me. How do I get this running again? What could have happened there? And one more question: if I now, for example, bring the log file over to this laptop on a USB stick in order to send it from here, can I infect this laptop with something that way? And can I safely access my mailbox from this laptop, or could I bring something in that way? Why does all of this now appear as one post and not as new posts? Help... |
05.03.2013, 19:46 | #12 |
/// Malware-holic | Clicked a link in a GMX mail - consequences??? Hi, turn autorun off: http://www.trojaner-board.de/83238-a...sschalten.html Then you can copy it. Please read the instructions for repairing the network connection: A guide and tutorial on using ComboFix. You may need to reinstall drivers. |
05.03.2013, 21:55 | #13 |
| Clicked a link in a GMX mail - consequences??? I can't repair the Internet connection following the instructions. I do have a "Diagnose and repair" item somewhere (I can't find just "repair"), but it doesn't work with that. I've turned autorun off and brought the file over on a USB stick. Here it is (I hope I got the code tags right): Code:
ComboFix 13-03-04.01 - ***04.03.2013 22:51:22.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4093.2688 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe c:\windows\system32\HidService.exe c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\SysWOW64\IoctlSvc.exe c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe c:\acer\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe c:\windows\SysWOW64\conime.exe c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-03-04 23:14:40 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-03-04 22:14 . 
Vor Suchlauf: 8 Verzeichnis(se), 133.434.798.080 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 134.182.576.128 Bytes frei . - - End Of File - - 01ADC9DD7418571055A04737788763D6 |
06.03.2013, 17:47 | #14 |
/// Malware-holic | Clicked a link in a GMX mail - consequences??? Hi, have you tried downloading the drivers for your device on another PC and reinstalling them? The device designation is either on the device itself or in the purchase contract.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
07.03.2013, 08:01 | #15 |
| Clicked a link in a GMX mail - consequences??? I will try it this evening. |