| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PC verweigert Windows-UpdateWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.04.2013, 18:32
| #1 |
  |  PC verweigert Windows-Update Hallihallo! Nach dem mir die Gratislizenz von AviraInternetSecurity 2012 ausgelaufen ist, habe ich es deinstalliert - soweit so gut. Auch eine Installation von Avira Free hat nicht geschadet. Jetzt hab ich aber zwei Probleme
Ich hab schon Fix-It von Microsoft versucht - nix. Da Avira im Moment nicht funktioniert hab ich mal das Microsoft Essentials eingeschaltet..... Hoffe dass ihr mir helfen könnt.....  Der Spass geht weiter....siehe anhang.... |
|
26.04.2013, 06:45
| #2 |
| /// Malwareteam    | PC verweigert Windows-Update Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:
__________________An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten? Hinweis: Poste die erstellten Logfiles hier in deinem Thema - erstelle kein neues! Falls bereits installierte Antivirensoftware Funde gemeldet hat: Füge unbedingt die entsprechenden Logdateien bei! Wichtig:Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).
__________________ |
|
26.04.2013, 16:34
| #3 |
| | PC verweigert Windows-Update Hallo
__________________Ich bestätige die Regeln des Trojanerboards! dass ihr mir helfen wollt!Witzigerweise funktioniert Windows Update wieder (vorhin hat er nämlich gemeckert, dass Updates da seien), aber Avira kann ich immer noch nicht updaten..... Hier mal die Logs: Otl.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 26.04.2013 16:33:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 5,91 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 64,30% Memory free 11,83 Gb Paging File | 9,07 Gb Available in Paging File | 76,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,47 Gb Total Space | 145,65 Gb Free Space | 61,08% Space Free | Partition Type: NTFS Drive D: | 332,70 Gb Total Space | 330,38 Gb Free Space | 99,30% Space Free | Partition Type: NTFS Computer Name: ASUS-X73S | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.26 16:29:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.19 08:12:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.05 21:41:44 | 000,418,024 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2013.02.25 15:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 15:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.10.06 06:04:12 | 002,655,768 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.06 06:04:08 | 000,325,656 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.08.17 23:55:42 | 005,732,992 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2007.11.30 20:20:44 | 000,051,768 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2012.12.10 03:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll MOD - [2009.10.07 22:28:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\gpgate.dll MOD - [2009.10.07 22:24:06 | 001,339,392 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\fcnv.dll MOD - [2009.10.07 22:22:12 | 006,803,456 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\fpdf.dll MOD - [2009.10.07 22:22:04 | 001,183,744 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\FCRTL.dll MOD - [2009.10.07 22:18:56 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\MemHandler.dll MOD - [2007.11.30 20:20:44 | 000,051,768 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012.07.11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2010.11.30 22:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | -H-- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.10.26 23:24:36 | 000,403,536 | -H-- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV - [2013.04.25 17:53:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.13 18:25:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.02.25 15:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 15:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.26 16:09:22 | 001,225,312 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012.11.26 16:09:20 | 000,659,040 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.08.18 12:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4) SRV - [2012.07.20 20:08:04 | 008,186,368 | ---- | M] () [Disabled | Stopped] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2012.05.11 09:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2010.10.06 06:04:12 | 002,655,768 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.06 06:04:08 | 000,325,656 | -H-- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.06.07 08:39:36 | 005,395,968 | ---- | M] (hMailServer) [Disabled | Stopped] -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe -- (hMailServer) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 19:39:38 | 000,096,896 | -H-- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.11.24 10:55:54 | 000,099,720 | ---- | M] (Global Graphics Software Ltd) [Disabled | Stopped] -- C:\Windows\SysWOW64\DCMessages.exe -- (DCMessages) SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009.06.16 02:30:42 | 000,084,536 | -H-- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2004.03.30 17:15:24 | 000,090,183 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\PortReporter\portreporter.exe -- (PortReporter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.06 15:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Disabled | Unknown] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.26 15:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 15:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Unknown] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.03.01 02:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.09.27 12:36:26 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.13 15:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 00:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.08.11 08:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV:64bit: - [2006.10.18 02:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2010.07.26 22:57:20 | 000,017,024 | -H-- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | -H-- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 89 27 EF D1 20 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.ch" FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7B00F0643E-B367-4779-B45D-7046EBA37A88%7D:13.0.1.9979 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.3.0 FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.31 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20121231-0404: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@greentube.com/GreenWebPlayer: C:\Games\GreenWebPlayer\npgreenwebplayer.dll (Greentube Internet Entertainment Solutions GmbH) FF - HKCU\Software\MozillaPlugins\@stonetrip.com/ShiVaWebPlayer,version=1.8.0.0: C:\Users\*****\AppData\Roaming\..\LocalLow\StoneTrip\Web Player\npShiVa3D.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 2012\spmplugin3 [2012.12.10 07:40:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 18:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.07 16:38:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\koq680jp.default\extensions\extension@preispilot.com [2011.08.07 13:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2013.04.25 17:36:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions [2013.04.07 11:55:58 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013.04.03 15:25:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.04.13 18:25:22 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2013.03.03 06:55:08 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.12.24 12:51:14 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.12.29 09:45:25 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\extension@preispilot.com.xpi [2013.04.25 17:36:04 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.12.28 21:16:41 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013.02.15 19:55:24 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.26 09:01:56 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013.02.07 08:09:42 | 000,698,764 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013.02.25 07:07:03 | 000,002,341 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\searchplugins\anderes-wortde.xml [2013.02.16 15:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.10 07:40:10 | 000,000,000 | ---D | M] (Steganos Password Manager) -- C:\PROGRAM FILES (X86)\STEGANOS PASSWORD MANAGER 2012\SPMPLUGIN3 [2013.04.13 18:25:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.26 07:03:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.26 07:03:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.26 07:03:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.26 07:03:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.26 07:03:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.26 07:03:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Advanced SystemCare 6 (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin/ASCPlugin_Protect.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: GreenWebPlayer (Enabled) = C:\Games\GreenWebPlayer\npgreenwebplayer.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Advanced SystemCare 6 Opera Plugin (Enabled) = C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll CHR - plugin: ShiVa3D Plugin (Enabled) = C:\Users\*****\AppData\Roaming\..\LocalLow\StoneTrip\Web Player\npShiVa3D.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ CHR - Extension: Gmail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.03.25 06:58:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll (Steganos Software GmbH) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll (Steganos Software GmbH) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.210 88.84.16.108 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ackermann-home.ch O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52ACCD0C-CD6E-4B80-B520-286DEEC015E3}: NameServer = 192.168.0.220,192.168.0.210 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC6F69AF-BEC2-436E-AA09-0D9DE562E21B}: NameServer = 127.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B07140-174D-4590-A16C-E4C23E71385D}: DhcpNameServer = 192.168.0.210 88.84.16.108 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B07140-174D-4590-A16C-E4C23E71385D}: NameServer = 192.168.0.220,192.168.0.210 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.12.24 09:00:08 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.26 16:32:30 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board-Dateien [2013.04.26 16:29:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.04.26 07:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTC [2013.04.26 07:11:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AF Signal Generator [2013.04.26 07:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AF Signal Generator [2013.04.26 07:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AF Signal Generator [2013.04.26 06:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.04.25 19:26:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.04.25 18:57:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com [2013.04.25 18:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013.04.25 18:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2013.04.25 18:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013.04.25 17:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Bagger-Simulator 2011 [2013.04.25 17:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.25 17:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bagger-Simulator 2011 [2013.04.25 17:51:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bagger-Simulator 2011 [2013.04.25 17:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bagger-Simulator 2011 [2013.04.25 17:33:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira [2013.04.25 17:32:37 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.25 17:32:37 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.25 17:32:37 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.04.13 08:20:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Hide Folder [2013.04.13 08:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Hide Folder [2013.04.13 08:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Hide Folder [2013.04.05 15:01:06 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\SimCity [2013.04.05 14:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™ [2013.04.05 14:33:51 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.04.05 14:23:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Origin [2013.04.05 14:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013.04.05 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Origin [2013.04.05 14:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.04.05 14:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.04.05 14:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.03.29 20:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ravensburger [2013.03.29 20:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ravensburger [2013.03.28 19:00:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Speech Macros [2013.03.28 19:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSRMacros [2013.03.27 17:05:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\MigWiz ========== Files - Modified Within 30 Days ========== [2013.04.26 16:32:36 | 000,058,709 | ---- | M] () -- C:\Users\*****\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm [2013.04.26 16:32:04 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2013.04.26 16:30:20 | 000,377,856 | ---- | M] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe [2013.04.26 16:29:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.04.26 16:29:27 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe [2013.04.26 16:28:46 | 000,003,677 | ---- | M] () -- C:\Windows\scad3.INI [2013.04.26 16:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.26 16:26:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 16:26:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 16:23:31 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.26 16:22:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.26 07:12:35 | 000,001,177 | ---- | M] () -- C:\Users\*****\Desktop\LTspice IV.lnk [2013.04.26 06:46:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.26 06:46:01 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job [2013.04.26 06:45:48 | 467,787,775 | -HS- | M] () -- C:\hiberfil.sys [2013.04.26 06:44:23 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.04.26 05:37:36 | 000,556,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.25 19:28:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.25 18:56:55 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.04.25 17:51:22 | 000,001,980 | ---- | M] () -- C:\Users\*****\Desktop\Bagger-Simulator 2011.lnk [2013.04.25 17:51:22 | 000,001,229 | ---- | M] () -- C:\Users\*****\Desktop\Bagger-Simulator 2011 Anleitung.lnk [2013.04.25 17:19:14 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.04.13 18:28:11 | 001,672,432 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.13 18:28:11 | 000,723,122 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.13 18:28:11 | 000,668,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.13 18:28:11 | 000,156,670 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.13 18:28:11 | 000,129,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.13 08:20:11 | 000,000,970 | ---- | M] () -- C:\Users\*****\Desktop\Free Hide Folder.lnk [2013.04.11 14:05:52 | 000,007,665 | ---- | M] () -- C:\Users\*****\AppData\Local\recently-used.xbel [2013.04.11 09:51:40 | 000,008,606 | ---- | M] () -- C:\Users\*****\Desktop\195XtpMVSGt9hE3y_18378.jpg [2013.04.05 14:35:21 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\SimCity™.lnk [2013.04.05 14:21:12 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.29 20:38:33 | 000,000,230 | ---- | M] () -- C:\Windows\5Freunde.ini [2013.03.29 20:38:32 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\Fünf Freunde auf Schatzsuche.lnk [2013.03.28 19:06:30 | 000,000,103 | ---- | M] () -- C:\Users\*****\Desktop\ruhezustand.bat [2013.03.28 18:38:00 | 000,001,494 | ---- | M] () -- C:\Users\*****\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2013.04.26 16:32:30 | 000,058,709 | ---- | C] () -- C:\Users\*****\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm [2013.04.26 16:32:04 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2013.04.26 16:30:19 | 000,377,856 | ---- | C] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe [2013.04.26 16:29:18 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe [2013.04.26 16:26:16 | 000,003,677 | ---- | C] () -- C:\Windows\scad3.INI [2013.04.26 07:12:35 | 000,001,177 | ---- | C] () -- C:\Users\*****\Desktop\LTspice IV.lnk [2013.04.26 05:37:08 | 000,556,480 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.25 18:56:55 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013.04.25 17:51:22 | 000,001,980 | ---- | C] () -- C:\Users\*****\Desktop\Bagger-Simulator 2011.lnk [2013.04.25 17:51:22 | 000,001,229 | ---- | C] () -- C:\Users\*****\Desktop\Bagger-Simulator 2011 Anleitung.lnk [2013.04.25 17:32:39 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.04.13 08:20:11 | 000,000,970 | ---- | C] () -- C:\Users\*****\Desktop\Free Hide Folder.lnk [2013.04.11 14:05:52 | 000,007,665 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel [2013.04.11 09:51:38 | 000,008,606 | ---- | C] () -- C:\Users\*****\Desktop\195XtpMVSGt9hE3y_18378.jpg [2013.04.05 14:34:01 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\SimCity™.lnk [2013.04.05 14:21:12 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.03.29 20:38:32 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\Fünf Freunde auf Schatzsuche.lnk [2013.03.29 20:38:32 | 000,000,230 | ---- | C] () -- C:\Windows\5Freunde.ini [2013.03.28 19:06:30 | 000,000,103 | ---- | C] () -- C:\Users\*****\Desktop\ruhezustand.bat [2013.03.28 19:00:32 | 000,000,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Speech Recognition Macros.lnk [2013.03.28 18:36:56 | 000,001,494 | ---- | C] () -- C:\Users\*****\Desktop\Mozilla Firefox.lnk [2012.12.26 17:12:01 | 000,668,057 | ---- | C] () -- C:\Users\*****\wartung.xcf [2012.12.18 07:45:48 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.12.16 19:17:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012.12.11 20:36:02 | 000,000,678 | ---- | C] () -- C:\Windows\DesktopSchneeFree.ini [2012.11.15 13:55:36 | 000,116,380 | ---- | C] () -- C:\Windows\GXTranscoder v2 Uninstaller.exe [2012.11.03 09:01:40 | 000,246,028 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.10.30 18:26:23 | 000,456,192 | ---- | C] () -- C:\Windows\SetACL.exe [2012.10.23 19:13:00 | 000,438,272 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2012.09.25 12:21:40 | 000,000,045 | ---- | C] () -- C:\Users\*****\.edu.xtec.properties [2012.09.23 07:51:23 | 000,087,704 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.09.20 04:50:16 | 000,089,069 | ---- | C] () -- C:\Users\*****\test.png [2012.08.29 04:54:41 | 000,000,048 | ---- | C] () -- C:\Users\*****\.jupload.properties [2012.07.06 16:41:01 | 000,015,760 | ---- | C] () -- C:\Windows\SysWow64\DCMessagesPS.dll [2012.07.06 16:41:01 | 000,000,737 | ---- | C] () -- C:\Windows\SysWow64\oemsetup.ini [2012.04.17 18:34:00 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll [2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.12.17 08:01:00 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.12.17 08:01:00 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011.12.17 08:01:00 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011.11.06 11:16:39 | 000,000,880 | ---- | C] () -- C:\Users\*****\.recently-used.xbel.fss [2011.09.30 17:06:06 | 001,650,326 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.27 12:32:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll [2011.08.21 10:06:18 | 000,000,680 | RHS- | C] () -- C:\Users\*****\ntuser.pol [2011.08.19 17:40:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.08.18 16:57:37 | 000,007,670 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2011.08.17 14:56:59 | 000,000,128 | ---- | C] () -- C:\Users\*****\Alle.fss [2011.08.07 12:19:57 | 000,012,288 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.22 12:41:40 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.06.22 12:41:37 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2011.06.22 12:41:37 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2011.06.22 12:35:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.09 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft [2011.10.28 20:50:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\aicon [2013.01.15 18:42:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AltiumDesignerSummer09 [2011.09.22 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Anvil Studio [2011.12.09 06:35:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ASCOMP Software [2012.09.08 17:33:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo [2011.11.04 18:40:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ASUS WebStorage [2013.03.14 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity [2012.03.06 18:30:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Autodesk [2012.02.07 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blender Foundation [2011.10.05 18:47:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon [2013.03.06 18:44:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Clickteam [2012.01.04 13:45:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\concept design [2013.03.24 10:16:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon [2013.01.15 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dev-Cpp [2012.07.01 16:27:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft [2012.05.08 17:50:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\engadven [2011.12.12 17:47:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EurekaLog [2012.08.25 07:09:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla [2012.07.01 08:32:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Firefly Studios [2012.08.25 07:01:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FlashFXP [2011.12.18 11:01:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Franzis [2012.12.09 17:20:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Free MP3 WMA OGG Converter [2011.09.22 16:04:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo [2011.10.16 10:25:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GlarySoft [2012.07.06 16:42:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Global Graphics [2012.04.16 09:00:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0 [2012.12.11 20:51:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Home Sweet Home Christmas [2013.01.24 07:28:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ-Profile [2013.01.24 07:22:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQM [2012.12.24 07:22:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IObit [2011.08.08 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\iPodder [2011.09.03 09:21:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView [2013.03.24 15:14:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\KeePass [2011.08.11 19:09:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech [2013.02.07 09:03:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lindy [2012.01.08 15:09:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX [2011.12.18 09:58:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Need for Speed World [2013.04.26 06:01:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++ [2011.09.17 15:34:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nuance [2012.12.18 07:45:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OCS [2013.02.09 08:20:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org [2012.12.18 07:45:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera [2013.04.05 14:24:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin [2012.07.01 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Philipp Winterberg [2011.09.18 08:24:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PlayFirst [2012.09.26 12:23:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProtectDISC [2012.08.08 18:59:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\QuickScan [2011.09.24 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\RavensburgerTipToi [2011.08.17 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung [2012.06.02 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client [2011.12.12 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Softplicity [2012.01.06 17:48:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Software Informer [2011.10.29 08:10:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Solveig Multimedia [2012.12.10 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Steganos [2012.07.05 06:41:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StoneTrip [2012.12.12 19:23:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StreamTorrent [2012.09.18 19:27:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer [2011.11.03 22:59:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\temp [2011.08.07 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2011.09.09 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client [2011.09.09 17:57:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ts3overlay [2013.01.03 17:35:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wargaming.net [2012.08.28 16:14:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Webocton - Scriptly [2011.09.20 18:00:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wildlife Park 2 [2011.09.21 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch [2013.03.27 07:19:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinPatrol [2011.08.08 15:32:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34 < End of report > Extras.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.04.2013 16:33:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
5,91 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 64,30% Memory free
11,83 Gb Paging File | 9,07 Gb Available in Paging File | 76,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 145,65 Gb Free Space | 61,08% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 330,38 Gb Free Space | 99,30% Space Free | Partition Type: NTFS
Computer Name: ASUS-X73S | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C52BD39-CE83-4D08-A0E1-4D7DD3B5C055}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1354FFD8-C43B-4C4A-A176-A496BB82AC57}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{18C59779-E34C-4A0B-B1C2-E9F74C4C3E01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1B1B4F22-73CB-41A6-A130-F9E1030CD0E5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{27C3C985-D678-42C3-A3D4-9FCDEBCAEF95}" = rport=137 | protocol=17 | dir=out | app=system |
"{3766F919-9C65-4A71-B009-B6ABA23013FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44DDB1F6-C98E-40A3-8ADA-38D8B42CE7E0}" = rport=139 | protocol=6 | dir=out | app=system |
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{52AD3C9B-FF9A-4CB6-AE61-BF7D4F34218E}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E316A5E-FE5F-4ECF-BBD8-8CE56D188F1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{5ED0E8E5-1CF3-42DE-94F0-A0EE25EFC5A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{609CB0BC-AE3E-4427-A317-1E9EA53D47E2}" = lport=138 | protocol=17 | dir=in | app=system |
"{66FDBFCC-BF9D-4F47-A401-265D032F6D78}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6D8D8A91-F7F5-4ADF-8488-304D195EC39A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78E66EB0-B4CE-49EA-B158-52EABC84B842}" = lport=137 | protocol=17 | dir=in | app=system |
"{7D4A9835-E85F-4359-8285-A205313C8097}" = lport=3306 | protocol=6 | dir=in | name=mysql server |
"{8C8898D9-8936-4C85-9287-33BF732EC53C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EF19B17-7BEA-4B1D-B771-C6598E9E8583}" = rport=445 | protocol=6 | dir=out | app=system |
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{B68832B1-FB7C-4F51-8F3F-C2226EA8CDAD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6DF1D72-D79C-474C-8590-99A11E372B3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4C7BBE5-D323-40B4-8C4F-D09E960E66CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E40810E3-B466-49CC-862C-262C2A9DFD86}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E88157B5-66E2-4965-BEDB-9E78D1AC8F1F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA828933-6992-41F6-B3AC-8AFD775F8D90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FCE9A7E1-49D9-457D-B41E-80558B7FF46F}" = lport=139 | protocol=6 | dir=in | app=system |
"{FCF0F2AF-6B8D-488D-BD55-2F98AE5444B0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD31D710-03EE-45A2-940D-055F9F2123BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA9C06-CF22-4DBE-953A-95133ECF98F0}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{044B7A42-6B69-46C0-AA7E-FC2FBF63393F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0633A6BC-3D34-48D4-AED0-76FAFD1042C3}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{07D57583-FD04-4433-82A9-6A935B0E0128}" = protocol=17 | dir=in | app=c:\icpdas\hmiworks_standard\bin\hmiworks_standard.exe |
"{099EB733-C8A4-4C4F-AE8A-7A385490ECF5}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{09B8E06B-44E6-4AC6-B2EA-587E65C7B3D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0A2E5E47-A0A7-43B5-8A11-56E623F213F3}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{0A609099-1FAD-4974-92A1-C685A71C0FC7}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{0B07B5A9-2A0E-462B-9FA7-A78CA3CF1E63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0C4B143D-03B9-4A0A-AD17-C7AB9388919C}" = protocol=6 | dir=out | app=system |
"{0D0BD425-AB0C-4B2D-A3CD-0E56368E653A}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{113FBE06-F6BB-48E1-B16A-F7157918D3B6}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012.exe |
"{11EA12D6-461A-4C69-91E7-8E5385E9DA37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{19320639-2E27-497F-922D-801F85D35718}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23618935-C3FE-4204-90D9-F76A3A557702}" = dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{24DCBDAA-02F1-4A96-8E92-19D974D736DE}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{29544FC4-5240-4D7B-BADF-8C3F5A24F25C}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{2DDA6028-9F3B-4686-84A0-6596A0AF6F7D}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{2F9A62DF-8173-4368-9350-EE240E1766AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{391CD310-DCC5-4F42-B7C9-04A62BF4FA5A}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{3B4B1419-745D-4CC1-9BC2-67D07775D97A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4008E305-D35A-49DA-80BF-29B31EA269BC}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\game.exe |
"{47337177-E4FE-4F0F-8071-495EE6861915}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{48EF5628-BBEA-4D8B-8513-C5465FCF35EF}" = protocol=6 | dir=in | app=c:\icpdas\hmiworks_standard\bin\hmiworks_standard.exe |
"{50BCBB85-98A6-42A7-9783-1FD39CA804FF}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"{52E974FB-A34C-4495-B131-3E13655FA94A}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012game.exe |
"{54821D7A-C83E-42D7-BCA6-C1CAC5B55786}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{54DC93AA-A8AE-4E55-9FC5-7E608B310DFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56B5F0C7-6A62-4FFE-B96F-41ABEF55F736}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{597D78C0-C6FC-424F-8C5E-0F560CA39ABF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AC853EB-A017-45D3-BB13-7FD54DF1D645}" = protocol=6 | dir=in | app=c:\programme\ftp-uploader\ftpuploader.exe |
"{5E57F353-21EB-455C-A330-69C0F6CB9BCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68A54052-58F3-40DC-89BD-75EC11C20645}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69765F74-F265-4982-AC0B-8BCBCC2F7741}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{698AB5BD-DA21-462D-BF68-89EA467151C9}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{69FE9373-6926-4C75-AB31-28D172855BF7}" = protocol=6 | dir=in | app=c:\users\dario\appdata\roaming\icqm\icq.exe |
"{6C245CC5-4473-4A7C-985E-1C9D1FC6D1C2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{7363D4E7-8334-4271-8B15-27E787C741FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7455DC69-B15F-4FF0-BA58-6AE442DE914E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{74ADA3B2-3F69-4F25-B62E-9320F6B33043}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\game.exe |
"{8648F8DE-448A-4024-8485-C1488757A09F}" = protocol=17 | dir=in | app=c:\programme\ftp-uploader\ftpuploader.exe |
"{88BB7955-427F-47A8-9DFC-AC010E90F957}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{89CEE6C7-E8DB-4605-A0DC-C221147C6129}" = protocol=17 | dir=in | app=c:\users\dario\appdata\roaming\icqm\icq.exe |
"{926FBB88-EDC2-4BB0-BBA6-1F193BD98FDA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{961503CE-8363-4ADC-B927-84809DB68888}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B01B7767-875B-41AB-9F23-037B6AEAC681}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012.exe |
"{B43E4EC5-73E7-42E8-9781-61F0E689DA84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B6B7785D-BDEE-42AD-B451-A0F99A12D8B6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B88223CC-E2BC-4C87-A315-06940EC6FF74}" = protocol=17 | dir=in | app=c:\icpdas\hmiworks_standard\bin\eflash.exe |
"{BAE61A5C-7F5B-4135-9D3A-C4F8785A39E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BAF6A631-C1CE-4464-BE80-55E1ABF9788B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCB49AC7-3DAD-4D66-837F-419FA363C275}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C36A71F9-4DCE-4525-829A-B61A910CE7C3}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{C84B4ACE-6368-4F85-AF61-914E128520A4}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{D2213CFA-DA17-4ABF-9B58-51CF263EF9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"{D37E3E91-26A7-4897-9492-71702FE4BA10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D410DF20-0A49-448D-93CB-E01C2E2A9E7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8A6F2CB-69C6-466C-8560-5E3B63CA2847}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{D8F961C4-10FB-4E73-8825-FEA920F256E8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D90718F1-BE66-4033-8D89-B74132BC3858}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D97B7A45-A9B4-4ABB-B803-55A39E15A329}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{DB8959CD-1902-4FF3-BC1C-96D6EF5EAECD}" = protocol=6 | dir=in | app=c:\icpdas\hmiworks_standard\bin\eflash.exe |
"{E2B7FC12-33CD-4211-BC11-4C67CAD08B43}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012game.exe |
"{E889D922-5D92-4B39-878F-A62A024EC8D9}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{EC3B4687-10CC-418C-ACDD-5AF791194969}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{F0C898BA-3110-49DE-97B3-B1B8475BD7B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{0D051C03-653A-4AEA-BCAB-416367A51692}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{4A34CBB2-428F-4F4B-AFC4-69D9BA3C59AC}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{0C654612-BD51-4BD7-B2A8-384217075949}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{656571D9-2889-4719-ACD9-07E9E4A2FD60}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{91CAD9F2-9826-4585-87E6-5E3CA0A6CADF}" = SmartFTP Client German (Germany) MUI
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A5D535DC-C407-414F-B212-2DB432C741EB}" = SmartFTP Client
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"GIMP-2_is1" = GIMP 2.8.0
"HMIWorks Standard Edition_is1" = HMIWorks Standard v2.05 Update 10 (for TouchPAD series)
"Loksim3D_is1" = Loksim3D
"MediaInfo" = MediaInfo 0.7.61
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"SolarApp" = Logitech Solar App 1.0
"sp6" = Logitech SetPoint 6.32
"VLC media player" = VLC media player 2.1.0-git-20121231-0404
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A3701BF-11E1-467D-AB26-43B03F34FF7A}" = MAGIX Speed burnR (MSI)
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4C278A1B-D7CA-4F9D-A74D-CB9866EB137A}" = Steganos Password Manager 2012
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5C26044C-4264-4E8A-AD7F-4685CBFE7EAB}" = gDoc Installer
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{825DCEAE-BCCE-4699-84FD-F8C23008240B}" = Altium Designer - Board Level Libraries
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8492053E-1FD0-4657-8CB0-52D0C7F3F476}" = gDoc Installer
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DC197D6-F4AB-44E0-ACF7-210355E6F389}" = Windows Speech Recognition Macros
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF3C220-0401-4945-A46F-63AFE6F4C114}" = Altium Designer Summer 09
"{A23CE7C7-29B6-444C-8D9D-EA6F4097A1C7}" = MAGIX Screenshare
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4F932E5-0072-498A-8766-423035842D2D}" = Vision Runtime Dependencies
"{C61EB330-EE5C-11D5-99DD-0050DA44D4BE}" = Kommissar Kugelblitz 3
"{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D5E3232E-BE61-45FA-96BB-700349EFF048}" = RippMe
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E46C4D1B-39D0-4A9F-0001-6529DDC11226}" = CDRWIN 9 Basic
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{EABCE84D-314C-4D47-8B8D-2743B45A4686}" = gDoc
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED40EDB-B279-42EB-8D42-7E3D521F6E67}" = MySQL Server 5.5
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6367FD3-B168-4BBC-AF25-2359CEF69C43}" = MAGIX Video easy 3 HD Download-Version
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD35D1F-F7C8-47AE-AF3E-E569F025CD7D}" = MySQL Server 5.5
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.4
"Abloadtool" = Abloadtool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AF Signal Function Generator" = AF Signal Function Generator
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bagger-Simulator 2011" = Bagger-Simulator 2011
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CloneCD" = CloneCD
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.3.1
"Debut" = Debut Video Capture Software
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Earth Screensaver HD" = Earth Screensaver HD
"FarmingSimulator2009GoldDE_is1" = Landwirtschafts-Simulator 2009 Gold
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"File-Upload.net" = File-Upload.net
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"Free Hide Folder" = Free Hide Folder
"ftp-uploader" = ftp-uploader
"Fünf Freunde auf Schatzsuche" = Fünf Freunde auf Schatzsuche
"Game Cam" = Game Cam 2.6.1.0
"GDC" = GDC 0.24.svn.r229
"GFWL_{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"giants_editor_5.0.1_is1" = GIANTS Editor 5.0.1
"Google Chrome" = Google Chrome
"GXTranscoder v2" = GXTranscoder v2
"hMailServer_is1" = hMailServer 5.3.3-B1879
"Home Sweet Home - Christmas Edition_is1" = Home Sweet Home - Christmas Edition
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"Inno Setup 5_is1" = Inno Setup Version 5.5.2
"Install Creator" = Install Creator
"InstallForge" = InstallForge
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"Juice" = Juice 2.2
"jZip" = jZip
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
"LTspice IV" = LTspice IV
"MAGIX_MSI_Video_easy_3" = MAGIX Video easy 3 HD Download-Version
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Max und die Geheimformel" = Max und die Geheimformel
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Notepad++" = Notepad++
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"OpenTTD" = OpenTTD 1.2.3
"Origin" = Origin
"Picasa 3" = Picasa 3
"PicGrab_is1" = PicGrab 2.8.0
"Pic-Upload.de" = Pic-Upload.de
"Ravensburger tiptoi" = Ravensburger tiptoi
"Santa Claus 3D Screensaver_is1" = Santa Claus 3D Screensaver 1.1
"Schriftenbibliothek_is1" = Schriftenbibliothek
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Shockwave" = Shockwave
"SkiRegionSimulator2012DE_is1" = Skiregion Simulator 2012
"SmartFTP Client 4.1 (x64) Setup Files" = SmartFTP Client Setup Files 4.1 (x64) (remove only)
"Sparfuchs_is1" = Sparfuchs
"SpywareBlaster_is1" = SpywareBlaster 5.0
"ST6UNST #1" = Der Restaurant-Manager 1.5 Vollversion.de Edition
"Steinbruch-Simulator 2012 Patch 1.10_is1" = Steinbruch-Simulator 2012 Patch 1.10
"Steinbruch-Simulator 2012_is1" = Steinbruch-Simulator 2012
"SuperTux_is1" = SuperTux 0.1.3
"TKKG10" = TKKG10
"TmNationsForever_is1" = TmNationsForever
"Two Worlds Pinball" = Two Worlds Pinball
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"White Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"xampp" = XAMPP 1.8.1
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Extreme Tux Racer" = Extreme Tux Racer
"gwp-DEFAULT" = GreenWebPlayer
"ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer)
"sc13-CH_MAIN" = Ski Challenge 13 (CH)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2013 13:15:03 | Computer Name = ASUS-X73S.****************** | Source = Schedule | ID = 0
Description =
Error - 25.04.2013 23:37:27 | Computer Name = ASUS-X73S.****************** | Source = Schedule | ID = 0
Description =
Error - 25.04.2013 23:45:41 | Computer Name = ASUS-X73S.****************** | Source = MsiInstaller | ID = 10005
Description =
Error - 25.04.2013 23:55:51 | Computer Name = ASUS-X73S.****************** | Source = NtServicePack | ID = 921877
Description =
Error - 25.04.2013 23:56:13 | Computer Name = ASUS-X73S.****************** | Source = NtServicePack | ID = 921877
Description =
Error - 25.04.2013 23:56:20 | Computer Name = ASUS-X73S.****************** | Source = NtServicePack | ID = 921877
Description =
Error - 26.04.2013 00:50:27 | Computer Name = ASUS-X73S.****************** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 26.04.2013 00:50:27 | Computer Name = ASUS-X73S.****************** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
Error - 26.04.2013 00:50:27 | Computer Name = ASUS-X73S.****************** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
Error - 26.04.2013 01:06:35 | Computer Name = ASUS-X73S.****************** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LiveUpdt.exe, Version: 2.0.0.0, Zeitstempel:
0x4a6d7c8e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften Prozesses:
0x151c Startzeit der fehlerhaften Anwendung: 0x01ce423bcfbc5367 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdt.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 10d73a0c-ae2f-11e2-bb72-14dae90d9b4d
[ System Events ]
Error - 26.04.2013 00:43:55 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106
Error - 26.04.2013 00:44:07 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10010
Description =
Error - 26.04.2013 00:45:07 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Dienst "Bonjour"" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1.
Error - 26.04.2013 00:45:50 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft Antimalware Service erreicht.
Error - 26.04.2013 00:45:50 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 26.04.2013 00:46:33 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv05
Error - 26.04.2013 00:47:02 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10016
Description =
Error - 26.04.2013 01:12:25 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10016
Description =
Error - 26.04.2013 10:27:56 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10016
Description =
Error - 26.04.2013 10:37:56 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10016
Description =
< End of report >
[/CODE] Deffoger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:32 on 26/04/2013 (Dario)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
GMER Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 18:24:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\******\AppData\Local\Temp\pxloypoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033ef000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626 fffff800033ef042 4 bytes [00, 00, 00, 00]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000133e00 7 bytes [40, 96, F3, FF, 01, A2, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000133e08 3 bytes [C0, 06, 02]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772f1465 2 bytes [2F, 77]
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772f14bb 2 bytes [2F, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772f1465 2 bytes [2F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772f14bb 2 bytes [2F, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4016:4884] 000007fefbc82a7c
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????????? ???????u????????????????V?????????&????????????????????-??? ??????????????????????????????????+??????????????????????0F1??? ???????u?????????????,?????????? ?&????????????????????x????&??????????????e??PSI - Top Instance??PS???????????????e???????q??????????????????????s8???&???????d??????????????????????? ???????|???????????>?:????????????&????????????????????-???&?? ????o???????????????????s???&????????????????????????????????????T??????z????????????6??????V???????L??12-19-2012??????H?lt Ihre Google-Software auf dem neuesten Stand. Falls dieser Service deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das hei?t, dass eventuell auftretende Sicherheitsl?cken nicht behoben und bestimmte Funktionen m?glicherweise nicht ausgef?hrt werden k?nnen. Dieser Service deinstalliert sich selbst, wenn er nicht von einer Google-Software verwendet wird.???????&???????\??????????????????????\\?\Root#SUN_VBOXNETFLTMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}??????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=7B01554 On s'entra\xffeene (D)\setup.exe 1
---- EOF - GMER 2.1 ----
|
|
28.04.2013, 08:40
| #4 |
| | PC verweigert Windows-Update hat an dem thema niemand intersee............. |
|
28.04.2013, 13:31
| #5 |
| /// Malwareteam | PC verweigert Windows-Update Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Ich kann hier momentan nichts entdecken... Schritt 1: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Schritt 2: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3: SecurityCheck Downloade Dir bitte  SecurityCheck und:
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
30.04.2013, 08:44
| #6 |
| /// Malwareteam | PC verweigert Windows-Update Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ --> PC verweigert Windows-Update |
|
| Themen zu PC verweigert Windows-Update |
| aktiviere, aktivieren, ausgelaufen, deinstalliert, desktop, essen, essentials, fix-it, free, funktionier, funktioniert, installation, microsoft, microsoft essentials, probleme, security, total, versuch, versucht, verweigert, windows, windows-update |
Linear-Darstellung
