| |
| |||||||
Mülltonne: (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware?Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
02.06.2012, 22:41
| #1 |
| |  (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware? Hallo, mir ist heute bei einem zufälligen Blick in den Taskmanager aufgefallen, dass die explorer.exe 5 mal gestartet war. Der Dateipfad verwies bei allen immer auf das korrekte Verzeichnis. Nach einem Neusstart war nur noch ein Prozess da, allerdings laufen auch folgende teilweise 2x: csrss.exe nvvsvc.exe takehost.exe Ich habe mal von der c't Desinfect Live-CD Avira, Bitdefender und clamav über meine Systempartition laufen lassen, keine Funde. Da mich das Ganze aber beunruhigt, will ich es genau wissen. Daher zunächst einmal das OTL-Log: OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 02.06.2012 23:22:14 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = H:\Anwendungen\Sicherheit 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,06 Gb Available Physical Memory | 76,55% Memory free 8,00 Gb Paging File | 7,03 Gb Available in Paging File | 87,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 57,57 Gb Free Space | 51,50% Space Free | Partition Type: NTFS Drive F: | 13,97 Gb Total Space | 1,39 Gb Free Space | 9,92% Space Free | Partition Type: NTFS Drive G: | 172,30 Gb Total Space | 37,50 Gb Free Space | 21,76% Space Free | Partition Type: NTFS Drive H: | 279,40 Gb Total Space | 56,17 Gb Free Space | 20,10% Space Free | Partition Type: NTFS Drive I: | 465,66 Gb Total Space | 27,45 Gb Free Space | 5,90% Space Free | Partition Type: NTFS Drive J: | 931,68 Gb Total Space | 241,17 Gb Free Space | 25,89% Space Free | Partition Type: NTFS Drive T: | 2794,39 Gb Total Space | 1987,51 Gb Free Space | 71,13% Space Free | Partition Type: NTFS Computer Name: BLACKLION-PC | User Name: Black Lion | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.02 23:19:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- H:\Anwendungen\Sicherheit\OTL.exe PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.10.05 10:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.05 10:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.05 10:17:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010.08.21 11:54:46 | 005,493,736 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2009.01.12 08:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\SysWOW64\NMSAccessU.exe ========== Modules (No Company Name) ========== MOD - [2012.05.13 13:29:26 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a742cb2e77b47300756506d52c96a8d1\IAStorUtil.ni.dll MOD - [2012.05.13 13:29:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll MOD - [2012.05.13 11:21:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.13 11:20:49 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.05.13 11:20:44 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.05.13 11:20:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.13 11:20:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.13 11:20:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.13 11:20:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.13 11:20:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.06.06 17:12:22 | 000,036,160 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2010.11.21 05:24:36 | 001,743,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\sysmain.dll -- (SysMain) SRV:64bit: - [2009.07.14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:64bit: - [2009.07.14 03:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc) SRV:64bit: - [2009.07.14 03:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\uxsms.dll -- (UxSms) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 03:39:37 | 000,593,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch) SRV:64bit: - [2009.06.05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.04.24 18:10:56 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.10.05 10:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.05 10:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.24 22:03:55 | 003,975,088 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.06.06 17:16:20 | 002,026,304 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.06.06 17:12:18 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.08.21 11:55:58 | 001,079,512 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.07.14 03:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009.01.12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccess) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.15 18:05:52 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.25 19:48:26 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.09.25 19:48:26 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.09.15 23:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.09.15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.06.24 22:11:17 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011.06.24 22:03:55 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) DRV:64bit: - [2011.06.24 22:03:55 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2011.06.24 22:03:54 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011.06.24 22:03:54 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.06.24 21:34:03 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.03.03 09:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2008.01.21 11:45:00 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2011.06.06 17:07:20 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC FF FA 82 FF 33 CC 01 [binary data] IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.readmore.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5 FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {fd2f951f-77ea-4938-9493-0c892c027a13}:0.9.8 FF - prefs.js..network.proxy.ftp: "localhost" FF - prefs.js..network.proxy.ftp_port: 8118 FF - prefs.js..network.proxy.gopher: "localhost" FF - prefs.js..network.proxy.gopher_port: 8118 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8118 FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9051 FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 8118 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.24 18:10:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 19:07:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.24 21:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Extensions [2010.12.05 20:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.29 17:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Firefox\Profiles\slldeahe.default\extensions [2011.06.24 21:16:08 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Firefox\Profiles\slldeahe.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb} [2012.05.17 22:12:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Firefox\Profiles\slldeahe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.05.18 13:03:34 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Firefox\Profiles\slldeahe.default\extensions\ich@maltegoetz.de [2012.05.31 22:45:09 | 000,002,102 | ---- | M] () -- C:\Users\Black Lion\AppData\Roaming\Mozilla\Firefox\Profiles\slldeahe.default\searchplugins\wot-safe-search.xml [2011.06.24 21:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.13 20:05:14 | 000,060,243 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\{45D8FF86-D909-11DB-9705-005056C00008}.XPI [2012.05.29 17:10:39 | 000,524,866 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.01.06 12:21:12 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.03.30 12:56:16 | 000,129,271 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\CHECKPLACES@ANDYHALFORD.COM.XPI [2011.05.29 14:10:46 | 000,001,703 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\F6@MERIKE.PRI.EE.XPI [2012.04.24 18:10:57 | 000,159,870 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI [2012.04.24 18:10:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O3 - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft) O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1000..\Run: [HotSwap! Applet] C:\Program Files\Hot Swap\HotSwap!.EXE (Kazuyuki Nakayama) O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Mit Mipony herunterladen - C:\Program Files (x86)\MiPony\Browser\IEContext.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Mit Mipony herunterladen - C:\Program Files (x86)\MiPony\Browser\IEContext.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DC40972-B79A-46DB-A318-0011CAA65C4D}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.ac3filter - ac3filter64.acm () Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.15 17:13:09 | 000,000,000 | ---D | C] -- C:\Users\Black Lion\Documents\Diablo III [2012.05.15 16:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.05.15 16:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.02 23:16:16 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.02 23:16:16 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.02 23:09:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.31 16:47:44 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.31 16:47:44 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.31 16:47:44 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.31 16:47:44 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.31 16:47:44 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.30 18:38:17 | 000,000,999 | ---- | M] () -- C:\Users\Black Lion\Desktop\MiPony.lnk [2012.05.18 13:32:57 | 000,023,791 | ---- | M] () -- C:\Users\Black Lion\Desktop\RG421600.pdf [2012.05.18 13:11:48 | 000,042,758 | ---- | M] () -- C:\Users\Black Lion\Desktop\schufa.pdf [2012.05.15 17:09:50 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.15 12:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.05.15 12:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.05.15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.05.13 11:19:55 | 000,337,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.28 02:54:22 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.05.18 13:32:57 | 000,023,791 | ---- | C] () -- C:\Users\Black Lion\Desktop\RG421600.pdf [2012.05.18 13:11:48 | 000,042,758 | ---- | C] () -- C:\Users\Black Lion\Desktop\schufa.pdf [2012.05.15 16:57:20 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.02.13 19:07:31 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.11 01:55:27 | 000,003,584 | ---- | C] () -- C:\Users\Black Lion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.10 21:27:11 | 000,001,057 | ---- | C] () -- C:\Users\Black Lion\AppData\Roaming\vso_ts_preview.xml [2011.08.28 16:29:47 | 000,059,423 | ---- | C] () -- C:\Windows\War3Unin.dat [2011.07.24 01:39:47 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2011.06.26 13:10:30 | 000,000,648 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.26 12:06:20 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe [2011.06.26 12:06:20 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\SyncBackPro.dll [2011.06.24 22:08:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll ========== LOP Check ========== [2011.06.24 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Acronis [2011.08.29 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Canneverbe Limited [2011.06.24 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\DAEMON Tools Lite [2012.04.30 17:59:33 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\EPSON [2011.07.06 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Foxit Software [2011.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\IrfanView [2011.08.10 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Leadertech [2012.06.02 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Mipony [2012.03.04 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Miranda [2012.01.24 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\pdfforge [2011.06.24 21:52:41 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Thunderbird [2011.06.25 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TrueCrypt [2012.02.20 21:56:57 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TS3Client [2011.07.11 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TuneUp Software [2012.06.02 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\uTorrent [2011.11.13 15:24:59 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Vso [2012.05.28 15:51:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.24 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Acronis [2011.06.24 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Adobe [2011.10.14 16:03:25 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Avira [2011.08.29 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Canneverbe Limited [2011.06.24 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\DAEMON Tools Lite [2011.10.09 22:22:12 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\dvdcss [2012.04.30 17:59:33 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\EPSON [2011.07.06 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Foxit Software [2011.06.24 20:13:55 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Identities [2011.06.24 20:38:36 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\InstallShield [2011.06.24 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Intel Corporation [2011.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\IrfanView [2011.08.10 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Leadertech [2011.06.24 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Macromedia [2010.11.21 09:00:26 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Media Center Programs [2011.06.24 22:33:37 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Media Player Classic [2012.04.26 11:24:52 | 000,000,000 | --SD | M] -- C:\Users\Black Lion\AppData\Roaming\Microsoft [2012.06.02 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Mipony [2012.03.04 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Miranda [2011.06.24 21:16:08 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Mozilla [2011.09.25 19:55:45 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\NVIDIA [2012.01.24 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\pdfforge [2012.03.10 00:19:32 | 000,000,000 | RH-D | M] -- C:\Users\Black Lion\AppData\Roaming\SecuROM [2011.06.24 21:52:41 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Thunderbird [2011.06.25 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TrueCrypt [2012.02.20 21:56:57 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TS3Client [2011.07.11 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TuneUp Software [2012.06.02 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\uTorrent [2012.06.02 23:20:42 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\vlc [2011.11.13 15:24:59 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Vso [2011.06.24 21:28:40 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > --- --- --- [/code] Für eine Interpretation reicht mein Wissen leider nicht, daher hoffe ich auf Hilfe und bedanke mich schonmal im Voraus dafür =) edit: Quick Scan mit Malwarebytes Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.02.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Black Lion :: BLACKLION-PC [Administrator] Schutz: Aktiviert 02.06.2012 23:46:25 mbam-log-2012-06-02 (23-46-25).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 219545 Laufzeit: 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.06.2012 23:22:14 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = H:\Anwendungen\Sicherheit
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,06 Gb Available Physical Memory | 76,55% Memory free
8,00 Gb Paging File | 7,03 Gb Available in Paging File | 87,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 57,57 Gb Free Space | 51,50% Space Free | Partition Type: NTFS
Drive F: | 13,97 Gb Total Space | 1,39 Gb Free Space | 9,92% Space Free | Partition Type: NTFS
Drive G: | 172,30 Gb Total Space | 37,50 Gb Free Space | 21,76% Space Free | Partition Type: NTFS
Drive H: | 279,40 Gb Total Space | 56,17 Gb Free Space | 20,10% Space Free | Partition Type: NTFS
Drive I: | 465,66 Gb Total Space | 27,45 Gb Free Space | 5,90% Space Free | Partition Type: NTFS
Drive J: | 931,68 Gb Total Space | 241,17 Gb Free Space | 25,89% Space Free | Partition Type: NTFS
Drive T: | 2794,39 Gb Total Space | 1987,51 Gb Free Space | 71,13% Space Free | Partition Type: NTFS
Computer Name: BLACKLION-PC | User Name: Black Lion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C4939AB-FA9E-409A-8EA1-E22EBB647A26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1812A50F-283F-4D3F-9816-2146E2903692}" = rport=138 | protocol=17 | dir=out | app=system |
"{1ED2D5AE-026D-4010-BD94-F5E3BFEC9D24}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3DF210D8-9583-4DB3-9562-8197FE554AF1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52269F83-F7A0-438E-9E04-78BFCB75E27C}" = lport=137 | protocol=17 | dir=in | app=system |
"{5409EFEF-6CDF-4E56-BB87-BDB369E620A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{60799948-DB18-46B1-9566-70BFE50BD213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69E74FC1-5A68-40DD-A9AE-CE079D9BDCAF}" = rport=445 | protocol=6 | dir=out | app=system |
"{792B571C-C532-4B5F-ACDE-ECEAB770833F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A215DD4E-4824-49DC-862D-FCC32595090E}" = rport=137 | protocol=17 | dir=out | app=system |
"{ADD4D701-1B26-4BA7-A11C-31FD358D23D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6E7A4B2-551F-4DD6-BE9E-467AD2CEFC2A}" = lport=139 | protocol=6 | dir=in | app=system |
"{BBB8D7A5-FA54-461A-A3BB-9DB89EAB8692}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C34BD51A-36D7-496D-A6B5-95AF1A8499B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6669D91-77A4-4D0C-BEDA-D5AE609DD486}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC6A287D-39A6-45BA-AD9E-259690CEBBFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D90A2763-0C1A-48B1-93F2-1F39ECAF3438}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DAD55A70-C2A9-4792-BADE-6EB5BF33A2ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DEF21219-E2AF-4A82-82D0-363F0AFD03A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA028628-93CD-4785-8A51-C73D425B5BC9}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD825CC5-5884-46EA-9832-E117F318948F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046A8569-8B31-4C5A-9AC5-29CCEC8F2980}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0953BB04-CF2E-47AD-93C7-678BCFC3A436}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A9F946E-245C-4FBB-A3D6-A0C5C341D782}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{1720C9C5-D199-40D1-9C26-DA0DD29E84ED}" = protocol=6 | dir=out | app=system |
"{190DD76A-CDA4-45CE-A46F-DAA945A05385}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{249AA2F1-7BA3-464A-9760-D0DA34213687}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2905E164-7AD8-4CC1-9C2F-1195DBB8EA04}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{302444B8-F091-4B42-B50C-383B89872588}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32D422B6-95DD-46BC-9AF0-7BB97DF48DE9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{33CDB276-2896-47C5-B926-1716C6BDAF1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DF3C0B4-F184-4843-9472-DA208CCF8EA8}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{41AF2B5F-7A6B-4DB1-B579-C528AE105664}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AD26BFC-830E-4C32-9FE7-D4B69462724E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{5EBAB4B3-5910-4274-83A4-DF987450DB19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{692C300E-5D04-465E-960D-D0D424DA088D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71658FCE-EBE0-4955-8F07-07A3A696A39A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{89194E97-1F67-490D-85B6-46AB73AFFDF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8BFF5276-F907-4430-A9D9-FAD3663D1885}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{8EFDF3FE-93D4-4C0B-81C1-3AAD81A58F3F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{94C488FA-18F0-439E-AD09-91921FAF8916}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98B0AE87-80D0-4D19-AD5C-72EB1164A5AB}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{9C617684-526D-475C-98C8-9BB10C96951A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DD2EA77-5B3E-48A0-A9E7-F7D0C0CCE361}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{A6D74A22-9F8C-4C2C-844D-ADE6AFB52418}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{AAD8B3CD-7A46-4D44-B07E-8B5B0AB0AC0F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{B9EBCF19-FA78-4CD2-AD7A-6E454FBBA7EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C165DDAE-2604-4293-80B2-FAA9DA2C1820}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB0D1511-C160-4D1B-8A2F-706D6DC2A3EF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{CB830140-6B19-4D84-AAD5-991E6AD9A5C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D75D4F46-E3A1-464A-9CF9-A9E18BE71D42}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DDDED967-33D0-4DD6-BA2E-2CCC1A464731}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe |
"{DFB78F47-2E12-4F88-806C-A0C7F4899F2D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8883E17-2F55-4314-8AF3-4A6B85B9C030}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{10E7518D-6239-4050-B959-469208E06937}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{307F6F9F-3514-4309-B7DD-A62F79C7D4B5}F:\warcraft 3 replays und taktiken\wtvclient0.97.02\wtvclient.exe" = protocol=6 | dir=in | app=f:\warcraft 3 replays und taktiken\wtvclient0.97.02\wtvclient.exe |
"TCP Query User{35A5FF45-50D5-4B55-AFEB-1A68620E0E65}C:\program files (x86)\utorrent\utorrent 1.8.1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent 1.8.1.exe |
"TCP Query User{3D13050E-E9E4-4CA4-A171-1B747D7D26D4}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{44332B56-46FA-42CC-9154-43B2344A4425}C:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe |
"TCP Query User{54257C8E-E44D-424C-B704-1B524DFBC563}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{5585D3D2-7C20-4C75-8694-8DEAFD24EBB0}H:\images\diablo iii\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=h:\images\diablo iii\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{56A0A3E6-F634-4F58-9B6A-7AD169998F52}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{636CBCA9-B1A6-4E9F-89BB-2879E9A884FE}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{69631DCC-2669-46C4-AB90-91B784A75D7C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{77E7CB7A-C4E0-48BA-A807-0EEF21382FD3}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{7E0FE337-CDF4-4698-9CDC-BBD46BC221A3}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{848A67DC-5980-4830-949B-5D1BCB3F147D}C:\program files (x86)\2brightsparks\syncbackpro\syncbackpro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2brightsparks\syncbackpro\syncbackpro.exe |
"TCP Query User{8EF06876-007C-473E-AAA9-1075B456DE54}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{0EBF9E6A-6AC9-4637-BD46-34A26A5B3050}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{1D162128-9946-4A63-AFD8-DC1BB9514454}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{6E598F2B-0AC8-41D8-ABDB-D99BCCD6FA41}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{82753B8A-F679-4249-8D65-B261DB29FB99}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{8EE12DF1-89F3-44FD-B708-BF22CF109453}C:\program files (x86)\2brightsparks\syncbackpro\syncbackpro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2brightsparks\syncbackpro\syncbackpro.exe |
"UDP Query User{A1D2C790-A0B7-451B-AEC2-BFC8D6D15290}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{B29061D7-BC13-4786-8F38-573733837E5C}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{B525CFBA-1200-4B68-AD2F-40EF18BA1BFC}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{C25A7095-3204-49FD-9B5B-5F374C4DEDE1}H:\images\diablo iii\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=h:\images\diablo iii\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{D7D6FF6C-15D5-42E1-9DF7-B58B3D11F288}C:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe |
"UDP Query User{E2BC0F28-BD20-4A8F-84F6-66677817D484}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{EA578B69-1369-460F-9E27-24F7908C5E6D}F:\warcraft 3 replays und taktiken\wtvclient0.97.02\wtvclient.exe" = protocol=17 | dir=in | app=f:\warcraft 3 replays und taktiken\wtvclient0.97.02\wtvclient.exe |
"UDP Query User{F7321E21-540E-4A6F-B6D1-F5BFB9576E5A}C:\program files (x86)\utorrent\utorrent 1.8.1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent 1.8.1.exe |
"UDP Query User{FA48CC3B-B801-4957-8E59-8E4B0C5E6E37}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5A2565D0-A773-4C69-A66D-7AAF2039E985}" = Classic Shell
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.1.2903
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8AB541B4-ADAC-4981-A635-02C15B01779D}" = SSDlife Free
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"AC3Filter_is1" = AC3Filter 1.63b
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"Cockatrice" = Cockatrice
"DAEMON Tools Lite" = DAEMON Tools Lite
"DCoder Image Source" = DCoder Image Source (remove only)
"Diablo III" = Diablo III
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Foxit Reader_is1" = Foxit Reader 5.0
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Gaming Mouse 3" = Gaming Mouse
"HaaliMkx" = Haali Media Splitter
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"IrfanView" = IrfanView (remove only)
"MiPony" = MiPony 1.6.4
"Miranda IM" = Miranda IM 0.9.47
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RealMedia" = RealMedia (remove only)
"SyncBackPro_is1" = SyncBackPro
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 2.0.1
"Warcraft III" = Warcraft III
"ZoomPlayer" = Zoom Player (remove only)
"ZoomPlayerLang" = Zoom Player deutsche Sprachdateien (entfernen)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.05.2012 11:36:40 | Computer Name = BlackLion-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 29.05.2012 10:40:17 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.05.2012 10:56:41 | Computer Name = BlackLion-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 30.05.2012 10:41:48 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.05.2012 12:23:27 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description =
Error - 31.05.2012 10:36:47 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.06.2012 09:17:21 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.06.2012 09:53:51 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.06.2012 15:52:33 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.06.2012 17:10:54 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27.05.2012 12:57:43 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
Error - 28.05.2012 09:51:49 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
Error - 29.05.2012 10:38:36 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
Error - 30.05.2012 10:40:06 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
Error - 30.05.2012 12:21:45 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
Error - 31.05.2012 10:35:05 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
Error - 01.06.2012 09:15:39 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
Error - 02.06.2012 09:52:09 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
Error - 02.06.2012 15:50:51 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
Error - 02.06.2012 17:09:13 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
VDiskBus
< End of report >
[/code Geändert von Black Lion (02.06.2012 um 23:02 Uhr) |
|
05.06.2012, 14:07
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware?__________________
__________________ |
| Themen zu (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware? |
| 4d36e972-e325-11ce-bfc1-08002be10318, antivir, avira, battle.net, bho, dateisystem, defender, desktop, document, firefox, format, heuristiks/extra, heuristiks/shuriken, install.exe, langs, logfile, malware, microsoft, microsoft office word, mipony, mozilla, nvidia, nvidia update, nvstor.sys, opera, programme, prozess, prozesse, registry, richtlinie, rundll, scan, searchscopes, software, taskmanager, windows, winlogon, winlogon.exe, wrapper, wsearch |
=> 
Linear-Darstellung
