| |
| |||||||
Mülltonne: (2x) Gesten sirefef gefunden - jetzt weg oder nicht?Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
10.07.2012, 10:45
| #1 |
| |  (2x) Gesten sirefef gefunden - jetzt weg oder nicht? Hallo, ich geb zu: habe gestern schon gepostet, hatte aber nur die Goldenen Regeln gelesen und nicht Schritt 2 (Systeminfos). Gestern schrieb mein Mailprovider, dass von meinem Zugang aus Spam-Mail versendet worden ist (Zitat: "Wichtig - Die Spam-Mails wurden nicht mit einem herkömmlichen E-Mail-Programm versendet und haben auch nichts mit ihrem Postfach oder ihrer E-Mail-Adresse zu tun, sondern ausschließlich mit der Einwahl.") Ich überprüfte meine Einstellungen - Firewall war deaktiviert, ließ sich nicht mehr aktivieren, Microsoft Security Essentials ließ sich nicht aktualisieren -> habe mse deinstalliert, neu installiert, laufen lassen und konnte grade noch erkennen, dass ein Trojaner namens sirefef gefunden worden war (Erweiterung konnte ich nicht mehr notieren). Dann erfolgte ein Neustart. Das Spiel "Hochfahren -> erzwungener Neustart nach einer Minute" konnte ich erst im abgesicherten Modus durch Systemwiederherstellung auf früheren Zeitpunkt unterbrechen und dann den Sophos Anti-Rootkit drüberlaufen lassen. Jetzt scheint alles wieder zu laufen - aber wirklich beruhigt kann man da wohl nicht sein? Hab jetzt Eure Anleitung befolgt. Defogger lieferte eine defogger_disable: Code:
ATTFilter efogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:50 on 10/07/2012 (NoAdmin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 10.07.2012 10:26:46 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\NoAdmin\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 47,34% Memory free 5,73 Gb Paging File | 4,12 Gb Available in Paging File | 71,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 283,40 Gb Total Space | 228,09 Gb Free Space | 80,48% Space Free | Partition Type: NTFS Computer Name: MARIT-PC | User Name: NoAdmin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.10 10:24:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\NoAdmin\Desktop\OTL.exe PRC - [2012.06.27 17:11:10 | 001,090,440 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2012.04.05 15:01:56 | 000,135,168 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nalserv.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2011.12.07 19:18:12 | 000,400,384 | ---- | M] (SDL) -- C:\Programme\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe PRC - [2011.11.11 11:44:42 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe PRC - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.09.15 21:07:33 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE PRC - [2010.09.15 21:07:33 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\DW WLAN Card\WLTRYSVC.EXE PRC - [2010.09.15 21:07:29 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\DW WLAN Card\BCMWLTRY.EXE PRC - [2010.07.26 02:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2010.06.03 22:40:00 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe PRC - [2010.05.20 02:39:42 | 000,206,336 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe PRC - [2010.04.06 22:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2010.04.06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe PRC - [2010.01.15 17:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.11.30 05:41:08 | 000,060,928 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer\InstallFilterService.exe PRC - [2009.11.04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.10.20 16:11:58 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2009.10.20 16:11:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.10.20 16:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.07.28 17:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE PRC - [2009.07.22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer\FF_Protection.exe PRC - [2009.07.20 12:01:00 | 000,760,120 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.05.14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe PRC - [2009.05.13 00:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe PRC - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe PRC - [2007.11.19 11:19:00 | 000,128,352 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE PRC - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 16:07:11 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.13 16:06:59 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll MOD - [2012.06.13 16:06:46 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.13 16:06:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.06.13 16:06:37 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\37aa8a6e1a69671c23eb916417629682\System.Deployment.ni.dll MOD - [2012.06.13 16:06:32 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll MOD - [2012.05.13 11:32:48 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\496033ebd93c3381e4ba09486bf23cc3\System.Xml.Linq.ni.dll MOD - [2012.05.13 11:31:46 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll MOD - [2012.05.13 11:30:43 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll MOD - [2012.05.13 11:30:40 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll MOD - [2012.05.13 11:30:06 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll MOD - [2012.05.11 16:15:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 16:14:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 16:14:06 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.11 16:13:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.11 16:13:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.11 16:13:48 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.11 16:13:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.10.20 16:12:10 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2009.07.22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programme\STMicroelectronics\Accelerometer\FF_Protection.exe MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.07.14 10:47:16 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.09 17:14:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.05.02 17:06:31 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.05 15:01:56 | 000,135,168 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nalserv.exe -- (NalServ) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.03.10 04:00:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.11.11 11:44:42 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc) SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACROSS) SQL Server (ACROSS) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.09.15 21:07:33 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV - [2010.06.03 22:40:00 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService) SRV - [2010.04.06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.11.30 05:41:08 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Programme\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService) SRV - [2009.11.04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.11.04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.10.20 16:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.07.28 17:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.05.14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0) SRV - [2009.05.13 00:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2009.03.02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\D5E4.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\NoAdmin\AppData\Local\Temp\fgloypod.sys -- (fgloypod) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.06.28 19:21:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 19:21:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.08 14:22:03 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3) DRV - [2010.09.15 23:51:45 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2010.09.15 21:07:29 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2010.04.06 22:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2010.02.03 00:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009.12.07 20:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.12.07 20:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.10.26 14:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009.10.12 16:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.09.17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.04 12:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie) DRV - [2009.07.02 02:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci) DRV - [2009.06.30 13:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie) DRV - [2009.06.15 20:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2009.05.28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {DA639E36-C4BB-4EE9-A6D3-8C89419F1657} IE - HKLM\..\SearchScopes\{DA639E36-C4BB-4EE9-A6D3-8C89419F1657}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.09.15 21:14:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.09 16:23:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.07 17:52:24 | 000,000,000 | ---D | M] [2012.07.10 08:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoAdmin\AppData\Roaming\mozilla\Extensions [2012.07.09 16:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.09 16:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012.05.02 17:06:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.21 13:44:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.21 13:44:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.21 13:44:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 13:44:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 13:44:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 13:44:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft) O4 - HKLM..\Run: [FreeFallProtection] C:\Programme\STMicroelectronics\Accelerometer\FF_Protection.exe () O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5370780B-8FF8-4AC0-B5AF-339D6C67292F}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ED6080F-DC10-44C6-9586-E4A19F934C7A}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A24E6AA-6874-4075-8D0D-31277AE36F92}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D6CCCE7-B078-4A76-880B-6C969053931B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBE5BC9A-37E6-482B-A68D-EB7089769570}: NameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.10 10:24:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\NoAdmin\Desktop\OTL.exe [2012.07.10 09:19:39 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\SDL [2012.07.10 09:19:39 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\SDL [2012.07.10 08:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.07.10 08:32:43 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Macromedia [2012.07.10 08:32:43 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Macromedia [2012.07.10 08:32:43 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Adobe [2012.07.10 08:31:32 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Mozilla [2012.07.10 08:31:32 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Mozilla [2012.07.10 08:16:57 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Documents\Documents [2012.07.10 08:15:28 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Desktop\Desktop [2012.07.10 07:59:00 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Broadcom [2012.07.10 07:59:00 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\Documents\Bluetooth-Exchange-Ordner [2012.07.10 07:58:59 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Apple Computer [2012.07.10 07:58:48 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.07.10 07:58:48 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Searches [2012.07.10 07:58:48 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.07.10 07:58:41 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Identities [2012.07.10 07:58:39 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Contacts [2012.07.10 07:58:36 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\VirtualStore [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Vorlagen [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\AppData\Local\Verlauf [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\AppData\Local\Temporary Internet Files [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Startmenü [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\SendTo [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Recent [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Netzwerkumgebung [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Lokale Einstellungen [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Documents\Eigene Videos [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Documents\Eigene Musik [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Eigene Dateien [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Documents\Eigene Bilder [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Druckumgebung [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Cookies [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\AppData\Local\Anwendungsdaten [2012.07.10 07:58:35 | 000,000,000 | -HSD | C] -- C:\Users\NoAdmin\Anwendungsdaten [2012.07.10 07:58:34 | 000,000,000 | --SD | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Videos [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Saved Games [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Pictures [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Music [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Links [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Favorites [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Downloads [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Documents [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\Desktop [2012.07.10 07:58:34 | 000,000,000 | R--D | C] -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.07.10 07:58:34 | 000,000,000 | -H-D | C] -- C:\Users\NoAdmin\AppData [2012.07.10 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Temp [2012.07.10 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Microsoft Help [2012.07.10 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Local\Microsoft [2012.07.10 07:58:34 | 000,000,000 | ---D | C] -- C:\Users\NoAdmin\AppData\Roaming\Media Center Programs [2012.07.09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2012.07.09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2012.07.09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2012.06.21 12:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\webex [2012.06.20 08:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.06.20 07:56:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.19 10:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 14 [2012.06.19 10:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Zoner [2012.06.15 14:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoner [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.10 10:24:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\NoAdmin\Desktop\OTL.exe [2012.07.10 10:23:29 | 000,000,000 | ---- | M] () -- C:\Users\NoAdmin\defogger_reenable [2012.07.10 10:22:07 | 000,050,477 | ---- | M] () -- C:\Users\NoAdmin\Desktop\Defogger.exe [2012.07.10 10:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.10 09:24:22 | 000,302,592 | ---- | M] () -- C:\Users\NoAdmin\Desktop\vnj9iq65.exe [2012.07.10 08:30:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.10 08:30:03 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.10 08:27:10 | 000,767,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.10 08:27:10 | 000,723,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.10 08:27:10 | 000,173,756 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.10 08:27:10 | 000,146,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.10 08:22:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.10 08:22:28 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys [2012.07.10 07:59:19 | 000,002,527 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2012.07.10 07:59:19 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!DSL Startcenter.lnk [2012.06.19 10:49:38 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Zoner Photo Studio 14 FREE.lnk [2012.06.13 16:04:24 | 000,402,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.10 10:23:29 | 000,000,000 | ---- | C] () -- C:\Users\NoAdmin\defogger_reenable [2012.07.10 10:22:07 | 000,050,477 | ---- | C] () -- C:\Users\NoAdmin\Desktop\Defogger.exe [2012.07.10 09:24:22 | 000,302,592 | ---- | C] () -- C:\Users\NoAdmin\Desktop\vnj9iq65.exe [2012.07.10 07:58:49 | 000,001,411 | ---- | C] () -- C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.06.19 10:49:38 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Zoner Photo Studio 14 FREE.lnk [2012.05.03 13:24:35 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll [2012.04.23 13:05:29 | 000,000,351 | ---- | C] () -- C:\Windows\keytrans.ini [2012.04.23 13:05:02 | 000,006,870 | ---- | C] () -- C:\Windows\Keytran1.ini [2012.04.23 13:05:02 | 000,002,762 | ---- | C] () -- C:\Windows\KEYTRAN2.INI [2012.01.12 08:46:49 | 000,002,048 | -HS- | C] () -- C:\Users\Marit\AppData\Local\{fd474600-ee11-a58f-de7e-8250ebb69c16}\@ [2011.01.08 15:12:09 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL [2010.11.09 17:27:28 | 000,000,161 | ---- | C] () -- C:\Windows\BUHL.INI [2010.10.11 09:19:38 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.09.15 21:13:40 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin [2010.09.15 21:07:39 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010.08.01 07:27:33 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.08.01 04:40:06 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2010.08.01 04:40:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.01 04:40:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.08.01 04:40:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010.08.01 04:40:05 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.08.01 04:40:03 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.08.01 04:40:03 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== LOP Check ========== [2012.07.10 09:19:39 | 000,000,000 | ---D | M] -- C:\Users\NoAdmin\AppData\Roaming\SDL [2012.06.04 12:14:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.07.2012 10:26:46 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\NoAdmin\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 47,34% Memory free
5,73 Gb Paging File | 4,12 Gb Available in Paging File | 71,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 228,09 Gb Free Space | 80,48% Space Free | Partition Type: NTFS
Computer Name: MARIT-PC | User Name: NoAdmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{054A843F-DA38-4E2B-A896-696B33052179}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0599D4CB-C683-4A9C-80F0-7A233926C984}" = rport=137 | protocol=17 | dir=out | app=system |
"{09AF8F86-3275-4ABE-B0C7-D0009767E04A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{17ACE4F6-5B32-4294-9DE2-8D1895CB9286}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28DDC23E-76E0-4CA1-8D64-A6584BC8A5BD}" = lport=139 | protocol=6 | dir=in | app=system |
"{33B987A0-8A40-4DD7-BF0A-497570B668D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{401D7DC3-BC3A-44D0-9993-54D2F3F720BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{421C1915-85FB-4DB8-8208-65D46EC07F70}" = rport=139 | protocol=6 | dir=out | app=system |
"{52369A8E-E368-482D-8C83-60A452D10ED5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5AC43146-A9AB-4CE8-B6D6-EA3C7BD47AF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{625E44F9-4097-4660-AB29-17DDCFE2BB70}" = lport=445 | protocol=6 | dir=in | app=system |
"{66D64D93-727A-47C0-B907-166A5353E1C3}" = lport=9100 | protocol=6 | dir=in | name=erste regel drucker |
"{679D7A5B-81F1-44B0-9F41-805BEE953D4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{727F9855-4045-4F49-AF01-E28455B615E5}" = lport=2066 | protocol=6 | dir=in | name=zweite regel drucker |
"{83900492-4B28-435D-BC78-628913D54E58}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86660026-9A68-4798-BBF1-D0D820685DAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{86CF496C-EB2C-499F-9EE4-31BCD19CD6FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{872E8578-60A2-43BF-8139-5C9AB66E13C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F9278EE-CF4B-47BC-9C5E-DA969707AE5F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A62C4891-562F-4949-A661-E854AE125CE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC0C382D-564E-42F1-8CED-85DC929DD297}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update |
"{B5A17828-E961-4C2E-94A8-AC50122FD253}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA57CD50-ECDF-47FF-9CA9-DD7F0965995B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C08094A0-29C1-4A4E-A716-F7DEF970A5B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D402B9BC-E3CD-4E09-8DD3-342A7B8505F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D892207C-159D-43BC-AC9F-FCE906D2110E}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast |
"{E6DAC439-480B-44D2-A772-E7CFC1BC5410}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED01E019-3A8F-41CE-BAEE-C90E9351F2A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{F5BF9B4D-CA26-43E2-8DA9-413CF70AEB35}" = rport=445 | protocol=6 | dir=out | app=system |
"{F741C55E-CACE-443E-9BA9-D07DC61D15C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07777BC2-6A43-4370-953A-C0EC8FBB7745}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10C390E5-D7E7-4956-98A2-96A2ED2A68D2}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{17C6EB15-574A-42EE-8604-DDA4576C9724}" = protocol=17 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe |
"{1B643599-F465-440D-B100-771D32C043FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{21953B3A-9F41-47EE-8D89-05A8C8D4096E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25D3EC04-A41B-4F61-9C07-41B17A47BE92}" = protocol=6 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe |
"{2EFE61B6-5B54-4A00-9145-356160395FCD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2FE67BAC-4A02-41E5-A33F-34944C30A28C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31239DEF-322B-40ED-AC76-9479A1FFE3B5}" = protocol=6 | dir=out | app=system |
"{313BC96A-4B43-4CE1-9294-4C73E18CDCF5}" = protocol=6 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{40FB20BB-CC2B-480B-99CB-E160E9DE818F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{451868AB-E92E-4F14-B757-AC32153962B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4718B71C-1126-4B11-873C-186D7D5FDDC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DAAE1E3-088C-41F2-AE28-6A92BB6F269C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4EDF809A-DA18-4263-9848-65648A556CE0}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{52901668-4D5C-4E9C-8B36-ABD1527DA8AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52926378-1BAB-4FF1-9413-9991AA375556}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{55330478-5C8F-4EC0-9AC5-3A51E227C86F}" = protocol=17 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{59AE6153-2FB4-4157-950F-37738AEF6E35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B16D48D-240E-4652-8B8D-74C06BA979C6}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{5B933FEF-B54A-4432-8A8E-2C8C56C515EB}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{6070323B-15E4-4075-ACF6-04657F82D1EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A25DC14-18A8-4899-AD77-480765D27883}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B132403-D192-436B-8FC5-92AA66A889EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7337668E-7653-404B-9966-437E68F80245}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8715999F-9A9A-4840-A738-867536FE93FF}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{8ADE8F38-2CDB-459D-A982-CDFA3B4C830E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8F436003-66F9-4F1F-918C-346DB304DD3D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{91A05394-FCC8-41EF-8D26-BCBEEB7FF85D}" = protocol=17 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe |
"{93DD3199-44F0-4004-8DEC-B4A5FC47F9AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9538CD0D-A9FC-42AE-B3E0-EC333312A226}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{95769600-67EE-4A0A-82B0-BF229DB64927}" = protocol=17 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{98FE7F34-4D9D-45C7-A040-BD1098ACE2ED}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{9C893CDD-B004-4200-A4B4-1515C1A58765}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9F4911FF-D20A-4653-A76A-F97B4CBD57BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2AD4D5D-2DBD-4A87-B08E-E6050198F769}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BA72EEBE-7660-47BB-958E-F94BC48E8C48}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{EAD3A3A3-B444-4202-BFF9-907B4D02118B}" = protocol=6 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{F4C705DF-9E77-4741-81E2-0D6CDDA9AFD9}" = protocol=6 | dir=in | app=c:\users\marit\appdata\local\apps\2.0\1jjhkj22.8tr\27eo07c4.zhr\frit..tion_8488884cfbcefd60_0002.0002_9409db79b3f040fd\fritzbox-usb-fernanschluss.exe |
"{FD684FF7-395D-4909-BEF5-E8275FCDDE79}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{FD916EBD-2B3D-4821-9D8B-599E315377FF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{F39CFFCD-4AD3-4252-B638-49E75E11C4BE}C:\program files\pons\interaktiv\ii_anfkurs\ii_anfkurs.exe" = protocol=6 | dir=in | app=c:\program files\pons\interaktiv\ii_anfkurs\ii_anfkurs.exe |
"UDP Query User{BDB19883-44EA-49F1-B0DD-D3B0533EAA2A}C:\program files\pons\interaktiv\ii_anfkurs\ii_anfkurs.exe" = protocol=17 | dir=in | app=c:\program files\pons\interaktiv\ii_anfkurs\ii_anfkurs.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{16FA02A4-D3A6-4993-AE26-3A98B243D2AE}" = SDL Passolo Essential 2011 SP4
"{171D8D76-3F05-455A-A8AF-C561C2679905}" = Open XML SDK 2.0 for Microsoft Office
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20095281-20D1-48DB-A311-53D2356F6B04}" = SDL MultiTerm 2011 SP1 Desktop
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{275B5BB8-EE6E-4DC2-A805-7D909A48E41C}" = SDL MultiTerm 2011 SP1 Core
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACROSS)
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C38D421-BC10-4C08-92AB-6C0C8D834275}" = Across Personal Edition
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8AE086-030F-4EF4-B705-63F8130B043E}" = DigitalPersona Personal 4.01
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9B30F0-7489-42EE-BB01-50DEBA17E37F}" = SDL MultiTerm 2011 SP1 Widget
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7230BA04-AE1B-4C17-91A0-E7DF6DF6E05C}" = SDL Trados Compatibility module
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}" = pdfforge Toolbar v6.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EEEF699-0D23-4538-8929-DF27656964FE}" = SDL Trados Studio 2011 SP1
"{9FCB6355-689E-4141-9714-3EEC2AE10292}" = Validity Sensors DDK
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.20
"{D40E651E-F9C9-42DE-A585-739322181ECA}" = SDL MultiTerm 2011 SP1 Word Integration
"{D6633B6E-DF62-4C9D-B73C-D85F7C53F022}" = SDL MultiTerm 2011 SP1 Convert
"{DBF16333-986E-4026-8692-6DC15F79EB22}" = SDL MultiTerm 2011 SP1 Administrator
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Alte und neue Schulschriften" = Alte und neue Schulschriften
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Dell Webcam Central" = Dell Webcam Central
"DW WLAN Card Utility" = DW WLAN Card Utility
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IntelliWebSearch" = IntelliWebSearch v.3
"IrfanView" = IrfanView (remove only)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"Multiterm2011" = SDL MultiTerm 2011 SP1 - Remove suite of products
"NeroRecode!UninstallKey" = Nero Recode CE
"Netzmanager" = Netzmanager
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"phase-6" = phase-6 2.1.2.4a
"SynTPDeinstKey" = Dell Touchpad
"TIPP10_is1" = TIPP10 Version 2.1.0
"TranslationStudio2011" = SDL Trados 2011 SP1 - Remove suite of products
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZonerPhotoStudio14_DE_is1" = Zoner Photo Studio 14 FREE
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.07.2012 11:21:06 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description =
Error - 09.07.2012 06:31:35 | Computer Name = Marit-PC | Source = EventSystem | ID = 4622
Description =
Error - 09.07.2012 09:10:22 | Computer Name = Marit-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
nicht initialisiert werden. Details: Could not query the status of the EventSystem
service. System Error: Der RPC-Server ist nicht verfügbar. .
Error - 09.07.2012 09:15:14 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description =
Error - 09.07.2012 13:36:05 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description =
Error - 09.07.2012 13:42:53 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description =
Error - 10.07.2012 01:55:40 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description =
Error - 10.07.2012 02:00:07 | Computer Name = Marit-PC | Source = EventSystem | ID = 4622
Description =
Error - 10.07.2012 02:27:33 | Computer Name = Marit-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1533
Description = Das Profilverzeichnis kann nicht gelöscht werden C:\Users\Temp. Dies
liegt u. U. daran, dass Dateien in diesem Verzeichnis von einem anderen Programm
verwendet werden. DETAIL - Das Verzeichnis ist nicht leer.
Error - 10.07.2012 02:27:59 | Computer Name = Marit-PC | Source = EventSystem | ID = 4622
Description =
Error - 10.07.2012 02:27:59 | Computer Name = Marit-PC | Source = EventSystem | ID = 4621
Description =
[ Media Center Events ]
Error - 05.12.2010 22:08:10 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 03:08:09 - Fehler beim Herstellen der Internetverbindung. 03:08:09
- Serververbindung konnte nicht hergestellt werden..
Error - 05.12.2010 23:11:14 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 04:11:14 - Fehler beim Herstellen der Internetverbindung. 04:11:14
- Serververbindung konnte nicht hergestellt werden..
Error - 31.12.2010 16:15:37 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 21:15:37 - Fehler beim Herstellen der Internetverbindung. 21:15:37
- Serververbindung konnte nicht hergestellt werden..
Error - 26.12.2011 13:33:51 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 18:33:50 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 17.01.2012 22:37:11 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 03:37:11 - Fehler beim Herstellen der Internetverbindung. 03:37:11
- Serververbindung konnte nicht hergestellt werden..
Error - 17.01.2012 23:40:16 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 04:40:16 - Fehler beim Herstellen der Internetverbindung. 04:40:16
- Serververbindung konnte nicht hergestellt werden..
Error - 19.02.2012 22:04:31 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 03:04:31 - Fehler beim Herstellen der Internetverbindung. 03:04:31
- Serververbindung konnte nicht hergestellt werden..
Error - 19.02.2012 23:07:36 | Computer Name = Marit-PC | Source = MCUpdate | ID = 0
Description = 04:07:36 - Fehler beim Herstellen der Internetverbindung. 04:07:36
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 09.07.2012 14:23:47 | Computer Name = Marit-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.25
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 09.07.2012 14:23:51 | Computer Name = Marit-PC | Source = BROWSER | ID = 8020
Description =
Error - 09.07.2012 14:29:02 | Computer Name = Marit-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.25
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 09.07.2012 14:30:47 | Computer Name = Marit-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.25
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 10.07.2012 01:19:41 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 10.07.2012 01:19:42 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 10.07.2012 01:56:38 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 10.07.2012 01:56:39 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 10.07.2012 02:22:52 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Planer" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 10.07.2012 02:22:53 | Computer Name = Marit-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-10 10:17:02
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.D005
Running: vnj9iq65.exe; Driver: C:\Users\NoAdmin\AppData\Local\Temp\fgloypod.sys
---- System - GMER 1.0.15 ----
SSDT 90EA8166 ZwCreateSection
SSDT 90EA816B ZwSetContextThread
SSDT 90EA8107 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82E58599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7D092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82E84990 4 Bytes [66, 81, EA, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82E84D30 4 Bytes [6B, 81, EA, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82E84E08 4 Bytes [07, 81, EA, 90]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!free 760E9894 5 Bytes JMP 0A93C1A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!malloc 760E9CEE 5 Bytes JMP 0A93BED0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!??3@YAXPAX@Z 760EB0B9 5 Bytes JMP 0A93C1A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!??2@YAPAXI@Z 760EB0C9 5 Bytes JMP 0A93C140 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!realloc 760EB10D 5 Bytes JMP 0A93BF50 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!calloc 760EC456 5 Bytes JMP 0A93BF10 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_msize 760EF43B 5 Bytes JMP 0A93BF70 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_free 76105942 5 Bytes JMP 0A93C1A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_malloc 7611028D 5 Bytes JMP 0A93C080 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_offset_malloc 761102A9 5 Bytes JMP 0A93C0A0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 7613BFD1 5 Bytes JMP 0A93C1D0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_offset_realloc 7613BFE1 5 Bytes JMP 0A93C0E0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_aligned_realloc 7613C16B 5 Bytes JMP 0A93C0C0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_expand 7613C18A 5 Bytes JMP 0A93C060 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapadd 7613DD03 5 Bytes JMP 0A93C220 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapchk 7613DD17 5 Bytes JMP 0A93C230 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapset + 1 7613DE16 4 Bytes JMP 0A93C251 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapmin 7613DE1F 5 Bytes JMP 0A93C320 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapused 7613DF05 5 Bytes JMP 0A93C2F0 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe[8100] msvcrt.dll!_heapwalk 7613DF18 5 Bytes JMP 0A93C260 C:\Program Files\Common Files\SDL\MultiTerm9\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe[2172] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75D35E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749F24FA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749D565B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749D5719] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [749F2575] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749E85D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749E4D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749E5134] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749E5209] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [749E6736] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749E8330] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749E887F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749E90E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749EE283] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[5248] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749E4CBF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000085 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000087 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4cddabfe
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4cddabfe (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Oder schmeiß ich hier besser alles runter uns installiere neu?  Schon mal vielen Dank nicedaytoday |
|
12.07.2012, 19:57
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | (2x) Gesten sirefef gefunden - jetzt weg oder nicht? Du hast hier schon einen Thread! => http://www.trojaner-board.de/118985-...nt-sicher.html
__________________
__________________ |
| Themen zu (2x) Gesten sirefef gefunden - jetzt weg oder nicht? |
| antivir, antivir guard, autorun, avira, bho, bingbar, bonjour, canon, converter, document, dsl, error, excel, fehler, firefox, flash player, home, install.exe, ip-adresse, locker, logfile, memory management, microsoft office word, mozilla, object, pdfforge toolbar, plug-in, profilverzeichnis, registry, scan, searchscopes, security, server, svchost.exe, system error, trojaner, windows |
Linear-Darstellung
