|
Log-Analyse und Auswertung: TR/Crypt.XPACK.Gen2 von Avira Antivir gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.10.2012, 08:37 | #16 | |
/// the machine /// TB-Ausbilder | TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Sieht gut aus, lösche bitte Combofix vom desktop. Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.10.2012, 09:49 | #17 |
| TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Combofix Logfile:
__________________Code:
ATTFilter ComboFix 12-10-24.02 - *** 25.10.2012 10:32:19.4.4 - x64 NETWORK Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3767.2671 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-25 bis 2012-10-25 )))))))))))))))))))))))))))))) . . 2012-10-25 08:36 . 2012-10-25 08:36 -------- d-----w- c:\users\SYSTEM\AppData\Local\temp 2012-10-25 08:36 . 2012-10-25 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-24 13:12 . 2012-10-24 13:12 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-24 12:34 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17718035-56D6-4DCA-B648-E91744293E32}\mpengine.dll 2012-10-24 12:32 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-24 12:32 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-24 12:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-24 12:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-24 12:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-24 12:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-24 12:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-24 12:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-24 12:32 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-24 12:32 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-24 12:32 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-14 12:17 . 2012-10-14 13:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-10-14 12:17 . 2012-10-14 13:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-10-14 08:36 . 2012-10-14 08:38 -------- d-----w- c:\programdata\Max Secure 2012-10-14 08:28 . 2012-10-14 08:28 -------- d-----w- c:\users\***\AppData\Local\Max Secure Software 2012-10-14 08:28 . 2012-10-14 08:29 -------- d-----w- c:\users\***\AppData\Roaming\GetRightToGo 2012-10-13 20:01 . 2012-10-13 20:01 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-10-13 20:01 . 2012-10-13 20:01 -------- d-----w- c:\programdata\Malwarebytes 2012-10-12 16:38 . 2012-10-12 16:38 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2012-09-29 09:33 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-24 13:10 . 2012-04-15 08:12 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-24 13:10 . 2011-05-14 07:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-12 16:37 . 2012-06-02 13:59 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-10-12 16:37 . 2012-06-02 13:59 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-09-24 13:32 . 2012-07-22 11:00 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-24 13:32 . 2011-08-28 09:45 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-15 15:49 . 2010-03-12 09:02 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-24 11:15 . 2012-09-23 18:18 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-23 18:18 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-23 18:18 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-23 18:18 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-23 18:18 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-23 18:18 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-23 18:18 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-23 18:18 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-23 18:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-23 18:18 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-23 18:18 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-23 18:18 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-23 18:18 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-23 18:18 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-23 18:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-23 18:18 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-23 18:18 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-23 18:18 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-23 18:18 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 18:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 18:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-23 18:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-15 11:32 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-15 11:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-15 11:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-15 11:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-20 17:38 . 2012-10-24 12:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-02 17:58 . 2012-09-15 11:32 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-08-02 16:57 . 2012-09-15 11:32 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080] "Spotify Web Helper"="c:\users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-30 1193176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696] "Lexmark 7600 Series"="c:\program files (x86)\Lexmark 7600 Series\fm3032.exe" [2009-10-26 311976] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400] "UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\Musik\iTunes\iTunesHelper.exe" [2012-06-07 421776] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-12 296096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-5-26 159744] AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-5-26 663552] Logitech Media Server-Taskleisten-Tool.lnk - c:\program files (x86)\Musik\Squeezebox\SqueezeTray.exe [2011-11-6 3051619] maxdome Download Manager.lnk - c:\program files (x86)\maxdome\DCBin\DCTrayApp.exe [2009-5-1 88808] Online plug-in.lnk - c:\windows\Installer\{E5F3D1E9-006E-4435-85D6-483B66376655}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-9-30 77824] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488] WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-11-30 18:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600] R2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-16 375760] R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-16 86224] R2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-16 465360] R2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2008-10-21 352256] R2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-06 397312] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664] R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 1044136] R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe [2009-10-16 33960] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] R2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe [2009-05-01 77032] R2 QPCopyEngine;QPCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [2010-06-24 394544] R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-12 117248] R2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2010-04-27 247152] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240] R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] R2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 250808] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 19968] R3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [2008-10-28 27136] R3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2009-08-24 1622528] R3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-03-07 116096] R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2010-03-12 292864] R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-05-04 2438696] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-03-12 151936] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-12 244736] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 11776] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-29 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 QsFsFltr;QsFsFltr;c:\windows\system32\DRIVERS\QsFsFltr.sys [2010-06-24 22584] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248] R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464] R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-26 834544] S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-09-25 270272] S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2008-08-28 80320] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2009-10-29 93696] S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2010-03-12 76800] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Inhalt des "geplante Tasks" Ordners . 2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 13:10] . 2012-09-29 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-24 08:26] . 2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 20:57] . 2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 20:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 18:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 18:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-12 8321568] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 410136] "lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2009-10-26 676520] "lxdwamon"="c:\program files (x86)\Lexmark 7600 Series\lxdwamon.exe" [2009-10-26 16040] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.16 192.168.1.254 TCP: Interfaces\{A623A17F-27B7-4B2A-A369-7552616D3C44}: NameServer = 192.168.10.110 10.11.12.14 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\izftv7y7.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - ExtSQL: 2012-09-08 14:08; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-12 18:37; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - ExtSQL: 2012-10-24 15:12; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben] "ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-25 10:38:21 ComboFix-quarantined-files.txt 2012-10-25 08:38 . Vor Suchlauf: 14 Verzeichnis(se), 26.979.139.584 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 26.880.520.192 Bytes frei . - - End Of File - - 4EFF8981806FA036BFB34D16F70A1164 |
25.10.2012, 10:44 | #18 |
/// the machine /// TB-Ausbilder | TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Kannst Du immer noch nix im Normalmodus machen?
__________________
__________________ |
25.10.2012, 11:13 | #19 |
| TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Nein, vom Start des Rechners bis zum Start des Browsers sind jetzt 15 Minuten vergangen. Hier schreiben geht zügig, ein neues Programm starten dauert mindestens nochmal 2 - 3 Minuten. Prozessorauslastung pendelt so bis maximal 7%. |
25.10.2012, 11:14 | #20 |
/// the machine /// TB-Ausbilder | TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Lass Combofix und OTL bitte im Normalmodus laufen, ich brauch Logs von dem Zustand der Probleme macht.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.10.2012, 15:09 | #21 |
| TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Das hat jetzt gedauert... Ein paar Dinge vorab. Das System läuft ca. 30 Minuten äußerst langsam, danach geht es eigentlich. Im Ereignisprotokoll kann sehen, dass einige Dienste nichts gestartet werden konnten. Avirus hat vorhin den gleichen Virus in der gleichen Datei gefunden Jetzt die Logs (wobei OTL nur eine die OTL.txt erstellt hat, keine Extra.txt)OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.10.2012 14:36:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 52,51% Memory free 7,36 Gb Paging File | 5,04 Gb Available in Paging File | 68,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,65 Gb Total Space | 25,90 Gb Free Space | 26,52% Space Free | Partition Type: NTFS Drive D: | 262,91 Gb Total Space | 32,71 Gb Free Space | 12,44% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 29,37 Gb Free Space | 30,07% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Musik\Squeezebox\SqueezeTray.exe (Logitech Inc.) PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Join Air\UIExec.exe () PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe () PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe () PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe () PRC - C:\Program Files (x86)\Lexmark 7600 Series\lxdwMsdMon.exe () PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.) PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\bd5179a413bc0c4b82eedc22c6cab101\re.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\eb138ef0e4282611dbf485a302784646\LibYAML.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\93e7e3d6030f426844228042348210cf\Service.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\e56c61f7248672819579325af3387035\POSIX.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\f233f63b6654362865c7577442edb9e3\Win32.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\c5cce8d16a1bd48692b421dcf46d3396\Util.dll () MOD - C:\Users\GB23AD~1\AppData\Local\Temp\pdk-G[e4]b-3860\4461f48e31bde5c56b31b973b773de09\List.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Join Air\UIExec.exe () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwMsdMon.exe () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwcaps.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwscw.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwDRS.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwcnv4.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\lxdwdatr.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\App4R.Monitor.Core.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\App4R.Monitor.Common.dll () MOD - C:\Program Files (x86)\Lexmark 7600 Series\app4r.devmons.mcmdevmon.dll () MOD - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () MOD - C:\Program Files (x86)\Lexmark 7600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll () ========== Services (SafeList) ========== SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV:64bit: - (lxdw_device) -- C:\Windows\SysNative\lxdwcoms.exe ( ) SRV:64bit: - (lxdwCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (CGVPNCliSrvc) -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH) SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe () SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (QPCopyEngine) -- C:\Programme\Iomega\QuikProtect\QpMonitor.exe () SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.) SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe () SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (WDDMService) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (lxdwCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe () SRV - (lxdw_device) -- C:\Windows\SysWOW64\lxdwcoms.exe ( ) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (QsFsFltr) -- C:\Windows\SysNative\drivers\QsFsFltr.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.) DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.) DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (arcvad_ds2dhw) -- C:\Windows\SysNative\drivers\ArcVad.sys (ArcSoft, Inc.) DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\drivers\ext2fs.sys (Stephan Schreiber) DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\drivers\ifsmount.sys (Stephan Schreiber) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD B4 8C 9D 34 7E CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "88.152.38.215" FF - prefs.js..network.proxy.ftp_port: 27306 FF - prefs.js..network.proxy.gopher: "88.152.38.215" FF - prefs.js..network.proxy.gopher_port: 27306 FF - prefs.js..network.proxy.http: "88.152.38.215" FF - prefs.js..network.proxy.http_port: 27306 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "88.152.38.215" FF - prefs.js..network.proxy.socks_port: 27306 FF - prefs.js..network.proxy.ssl: "88.152.38.215" FF - prefs.js..network.proxy.ssl_port: 27306 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Video\Veetle\VLCBroadcast\npvbp.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\Video\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 18:16:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 18:16:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 18:16:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.29 22:29:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 18:38:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.15 02:21:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.29 22:29:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 18:38:34 | 000,000,000 | ---D | M] [2010.03.24 12:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.03.24 12:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.24 15:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\izftv7y7.default\extensions [2012.10.24 15:15:59 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\izftv7y7.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.10.07 21:00:41 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\izftv7y7.default\extensions\foxmarks@kei.com [2012.07.29 12:30:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.12 18:42:54 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2010.11.20 19:13:25 | 000,001,330 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\searchplugins\wikipedia-en.xml [2010.06.15 22:44:45 | 000,001,032 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\searchplugins\wikipedia-eng.xml [2012.10.24 15:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.22 13:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.08 14:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.24 15:12:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\GäB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZFTV7Y7.DEFAULT\EXTENSIONS\FOXMARKS@KEI.COM [2012.07.29 22:29:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.03.11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010.03.11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010.03.11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010.03.11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010.03.11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012.10.12 18:37:20 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.03.11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012.02.26 11:31:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.26 11:31:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.26 11:31:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.26 11:31:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.26 11:31:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.26 11:31:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\Musik\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\Video\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\G\u00E4b\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: English vocabulary = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmklfohhllfpjjmjejencmaodgiknmj\0.5_0\ O1 HOSTS File: ([2012.10.25 09:56:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxdwamon] C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe () O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Lexmark 7600 Series] C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe () O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.16 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{078F42BC-98E7-4511-A7C5-537B5AA19713}: DhcpNameServer = 192.168.1.16 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2C5616-5C43-470B-80A6-9E60872340C8}: DhcpNameServer = 192.168.1.16 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A623A17F-27B7-4B2A-A369-7552616D3C44}: NameServer = 192.168.10.110 10.11.12.14 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B21750F8-7F59-4989-8F3A-AF32C839854D}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C143D9C4-A6CE-4F7C-9668-5857FE5FEBE7}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C259A953-8775-40CF-A4B2-6E58EADC43DE}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.25 13:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec [2012.10.25 13:31:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.25 12:27:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.25 12:12:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.10.25 11:46:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.25 10:30:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.25 10:28:39 | 004,989,133 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.10.25 09:13:54 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.10.25 08:40:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.10.24 15:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.10.14 14:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.10.14 14:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.10.14 14:15:35 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.14 13:56:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.14 13:56:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.14 13:56:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.14 13:55:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.14 10:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Max Secure [2012.10.14 10:28:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Max Secure Software [2012.10.14 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.10.13 22:01:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.10.13 22:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.12 18:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared ========== Files - Modified Within 30 Days ========== [2012.10.25 14:10:57 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.25 14:10:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.25 14:09:44 | 2962,403,328 | -HS- | M] () -- C:\hiberfil.sys [2012.10.25 13:51:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.25 13:31:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.25 13:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.25 13:07:32 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.10.25 12:29:23 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.25 12:29:23 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.25 12:29:23 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.25 12:29:23 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.25 12:29:23 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.25 10:29:52 | 004,989,133 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2012.10.25 09:56:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.25 09:13:56 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2012.10.25 08:40:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2012.10.24 14:29:17 | 000,016,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 14:29:17 | 000,016,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 10:08:23 | 000,000,034 | ---- | M] () -- C:\Windows\cdplayer.ini [2012.10.14 16:04:17 | 000,000,214 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.10.14 15:18:51 | 000,211,194 | ---- | M] () -- C:\Users\***\Documents\cc_20121014_151840.reg [2012.10.14 14:11:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121014-144403.backup [2012.10.14 13:54:04 | 000,418,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.12 18:38:18 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.10.12 18:37:08 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012.09.30 15:52:42 | 000,325,552 | ---- | M] () -- C:\test.xml ========== Files Created - No Company Name ========== [2012.10.24 10:08:23 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.10.14 16:04:17 | 000,000,214 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.10.14 15:18:49 | 000,211,194 | ---- | C] () -- C:\Users\***\Documents\cc_20121014_151840.reg [2012.10.14 13:56:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.14 13:56:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.14 13:56:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.14 13:56:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.14 13:56:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.12 18:38:18 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.08.11 15:55:23 | 000,000,000 | ---- | C] () -- C:\Users\***\Tatort-Tatort-4431345-Tatort.asx.asf [2011.11.03 18:58:22 | 000,000,029 | ---- | C] () -- C:\Windows\AVFTP.INI [2011.09.06 22:32:21 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2011.04.28 12:29:11 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll [2011.03.20 17:22:09 | 000,007,680 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.09 01:24:33 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.08.05 20:42:39 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.04.20 19:51:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.24 10:27:12 | 000,011,659 | ---- | C] () -- C:\Users\***\AppData\Local\backup.vtp ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.10.17 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7600 Series [2012.09.08 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.02.21 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\App Launcher Gadget [2010.06.12 07:08:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics [2011.01.23 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\aWARemote [2012.04.15 20:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre [2010.07.25 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.10.14 01:06:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Desktopicon [2012.10.25 14:11:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.10.24 10:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.01.27 21:16:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2012.10.14 10:29:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2011.02.25 23:27:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2010.10.09 22:43:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabIt - x [2011.09.06 22:31:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.03.24 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HyperLyrics [2011.09.30 14:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient [2010.10.19 16:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2011.02.06 13:32:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexmark Productivity Studio [2012.10.24 10:12:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2010.03.25 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games [2010.11.21 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook [2011.04.27 23:58:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH [2010.03.24 10:27:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite [2011.07.16 13:22:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM [2012.09.23 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2010.03.25 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sync App Settings [2010.03.24 12:59:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.03.24 11:35:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toolbars [2010.03.24 12:18:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2010.06.10 16:33:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western Digital ========== Purity Check ========== < End of report > Combofix Logfile: Code:
ATTFilter ComboFix 12-10-25.01 - *** 25.10.2012 14:54:37.5.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3767.1824 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\***\AppData\Local\Temp\pdk-***-3860\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\4461f48e31bde5c56b31b973b773de09\List.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\93e7e3d6030f426844228042348210cf\Service.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\bd5179a413bc0c4b82eedc22c6cab101\re.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\c5cce8d16a1bd48692b421dcf46d3396\Util.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\e56c61f7248672819579325af3387035\POSIX.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\eb138ef0e4282611dbf485a302784646\LibYAML.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\f233f63b6654362865c7577442edb9e3\Win32.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\perl514.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\4461f48e31bde5c56b31b973b773de09\List.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\93e7e3d6030f426844228042348210cf\Service.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\bd5179a413bc0c4b82eedc22c6cab101\re.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\c5cce8d16a1bd48692b421dcf46d3396\Util.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\e56c61f7248672819579325af3387035\POSIX.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\eb138ef0e4282611dbf485a302784646\LibYAML.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\f233f63b6654362865c7577442edb9e3\Win32.dll c:\users\***\AppData\Local\Temp\pdk-***-3860\perl514.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-25 bis 2012-10-25 )))))))))))))))))))))))))))))) . . 2012-10-25 13:11 . 2012-10-25 13:11 -------- d-----w- c:\users\SYSTEM\AppData\Local\temp 2012-10-25 13:11 . 2012-10-25 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-25 11:45 . 2012-10-25 11:45 -------- d-----w- c:\program files\AuthenTec 2012-10-25 11:43 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-10-25 11:43 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2012-10-25 11:43 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2012-10-25 11:43 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-10-25 11:43 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2012-10-25 11:43 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2012-10-25 11:43 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-10-25 11:43 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-10-25 11:43 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-10-25 10:12 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-25 10:12 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-10-25 10:12 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-10-25 10:12 . 2012-10-25 10:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-10-24 13:17 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-24 13:17 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-24 13:12 . 2012-10-24 13:12 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-24 12:34 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17718035-56D6-4DCA-B648-E91744293E32}\mpengine.dll 2012-10-24 12:32 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-24 12:32 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-24 12:32 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-24 12:32 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-24 12:32 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-24 12:32 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-24 12:32 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-24 12:32 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-24 12:32 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-24 12:32 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-24 12:32 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-14 12:17 . 2012-10-14 13:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-10-14 08:28 . 2012-10-14 08:28 -------- d-----w- c:\users\***\AppData\Local\Max Secure Software 2012-10-14 08:28 . 2012-10-14 08:29 -------- d-----w- c:\users\***\AppData\Roaming\GetRightToGo 2012-10-12 16:38 . 2012-10-12 16:38 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2012-09-29 09:33 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-25 10:13 . 2010-03-12 09:02 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-24 13:10 . 2012-04-15 08:12 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-24 13:10 . 2011-05-14 07:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-12 16:37 . 2012-06-02 13:59 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-10-12 16:37 . 2012-06-02 13:59 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-09-24 13:32 . 2012-07-22 11:00 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-24 13:32 . 2011-08-28 09:45 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-24 11:15 . 2012-09-23 18:18 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-23 18:18 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-23 18:18 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-23 18:18 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-23 18:18 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-23 18:18 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-23 18:18 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-23 18:18 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-23 18:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-23 18:18 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-23 18:18 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-23 18:18 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-23 18:18 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-23 18:18 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-23 18:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-23 18:18 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-23 18:18 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-23 18:18 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-23 18:18 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 18:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 18:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-23 18:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-15 11:32 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-15 11:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-15 11:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-15 11:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-20 17:38 . 2012-10-24 12:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-15 15:12 . 2012-08-15 15:12 20000 ----a-w- c:\windows\system32\tccoinst.dll 2012-08-15 15:12 . 2012-08-15 15:12 1014440 ----a-w- c:\windows\system32\drivers\UMDF\tcwbf.dll 2012-08-02 17:58 . 2012-09-15 11:32 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-08-02 16:57 . 2012-09-15 11:32 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080] "Spotify Web Helper"="c:\users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-30 1193176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696] "Lexmark 7600 Series"="c:\program files (x86)\Lexmark 7600 Series\fm3032.exe" [2009-10-26 311976] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400] "UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-12 296096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-5-26 159744] AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-5-26 663552] Logitech Media Server-Taskleisten-Tool.lnk - c:\program files (x86)\Musik\Squeezebox\SqueezeTray.exe [2011-11-6 3051619] Online plug-in.lnk - c:\windows\Installer\{E5F3D1E9-006E-4435-85D6-483B66376655}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-9-30 77824] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488] WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-11-30 18:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664] R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe [2009-10-16 33960] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240] R3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [2008-10-28 27136] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 11776] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-29 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 QsFsFltr;QsFsFltr;c:\windows\system32\DRIVERS\QsFsFltr.sys [2010-06-24 22584] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464] R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 250808] R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-05-04 2438696] R4 QPCopyEngine;QPCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [2010-06-24 394544] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-26 834544] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600] S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-09-25 270272] S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2008-08-28 80320] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-16 375760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-16 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-16 465360] S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2008-10-21 352256] S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-06 397312] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 1044136] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2009-10-29 93696] S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2010-03-12 76800] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192] S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2010-04-27 247152] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312] S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536] S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480] S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2009-08-24 1622528] S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-03-07 116096] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2010-03-12 292864] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-03-12 151936] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-12 244736] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Inhalt des "geplante Tasks" Ordners . 2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 13:10] . 2012-10-25 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-24 08:26] . 2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 20:57] . 2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 20:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-10-29 18:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-10-29 18:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-12 8321568] "PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 410136] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2009-10-26 676520] "lxdwamon"="c:\program files (x86)\Lexmark 7600 Series\lxdwamon.exe" [2009-10-26 16040] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.16 192.168.1.254 TCP: Interfaces\{A623A17F-27B7-4B2A-A369-7552616D3C44}: NameServer = 192.168.10.110 10.11.12.14 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\izftv7y7.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - ExtSQL: 2012-09-08 14:08; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-12 18:37; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - ExtSQL: 2012-10-24 15:12; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\CDBurnerXP\NMSAccessU.exe c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe c:\program files\Sony\VAIO Care\listener.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-10-25 15:39:23 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-10-25 13:39 ComboFix2.txt 2012-10-25 08:38 . Vor Suchlauf: 14 Verzeichnis(se), 27.524.395.008 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 27.058.688.000 Bytes frei . - - End Of File - - 08237065A02410C2DDB9A41469521D7C |
25.10.2012, 15:48 | #22 |
/// the machine /// TB-Ausbilder | TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Wer hat was wo gefunden?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.10.2012, 18:36 | #23 |
| TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Avira hat wieder den TR/Crypt.XPACK.Gen2 in der UNS.exe gefunden. |
25.10.2012, 18:49 | #24 |
/// the machine /// TB-Ausbilder | TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Is ja auch klar, oder hast du in der Zwischenzeit bei Antivir angerufen und denen erzählt dass es ein Fehlalarm is? OTL öffnen, Button Nichts klicken, dann unter Extra Registrierung auf Benutze Safe List klicken und Scan drücken, Log posten. Downloade dir bitte Farbar's Service Scanner
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
26.10.2012, 07:33 | #25 |
| TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Nein, den Anruf habe ich mir bisher gespart Allerdings habe ich die Datei ja auch schon explizit mit Avira gescannt und es ist nichts erkannt worden... Hier die Logs:OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.10.2012 08:23:33 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 49,26% Memory free 7,36 Gb Paging File | 5,11 Gb Available in Paging File | 69,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,65 Gb Total Space | 25,34 Gb Free Space | 25,95% Space Free | Partition Type: NTFS Drive D: | 262,91 Gb Total Space | 32,71 Gb Free Space | 12,44% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 29,37 Gb Free Space | 30,07% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD B4 8C 9D 34 7E CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "88.152.38.215" FF - prefs.js..network.proxy.ftp_port: 27306 FF - prefs.js..network.proxy.gopher: "88.152.38.215" FF - prefs.js..network.proxy.gopher_port: 27306 FF - prefs.js..network.proxy.http: "88.152.38.215" FF - prefs.js..network.proxy.http_port: 27306 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "88.152.38.215" FF - prefs.js..network.proxy.socks_port: 27306 FF - prefs.js..network.proxy.ssl: "88.152.38.215" FF - prefs.js..network.proxy.ssl_port: 27306 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Video\Veetle\VLCBroadcast\npvbp.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\Video\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 18:16:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 18:16:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 18:16:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.29 22:29:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 18:38:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.15 02:21:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.29 22:29:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 18:38:34 | 000,000,000 | ---D | M] [2010.03.24 12:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.03.24 12:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.24 15:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\izftv7y7.default\extensions [2012.10.24 15:15:59 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\izftv7y7.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.10.07 21:00:41 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\izftv7y7.default\extensions\foxmarks@kei.com [2012.07.29 12:30:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.12 18:42:54 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2010.11.20 19:13:25 | 000,001,330 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\searchplugins\wikipedia-en.xml [2010.06.15 22:44:45 | 000,001,032 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\izftv7y7.default\searchplugins\wikipedia-eng.xml [2012.10.24 15:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.22 13:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.08 14:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.24 15:12:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\GäB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZFTV7Y7.DEFAULT\EXTENSIONS\FOXMARKS@KEI.COM [2012.07.29 22:29:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.03.11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010.03.11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010.03.11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010.03.11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010.03.11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012.10.12 18:37:20 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.03.11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012.02.26 11:31:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.26 11:31:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.26 11:31:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.26 11:31:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.26 11:31:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.26 11:31:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\Musik\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\Video\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\G\u00E4b\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: English vocabulary = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmklfohhllfpjjmjejencmaodgiknmj\0.5_0\ O1 HOSTS File: ([2012.10.25 15:11:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxdwamon] C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe () O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Lexmark 7600 Series] C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe () O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.16 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{078F42BC-98E7-4511-A7C5-537B5AA19713}: DhcpNameServer = 192.168.1.16 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2C5616-5C43-470B-80A6-9E60872340C8}: DhcpNameServer = 192.168.1.16 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A623A17F-27B7-4B2A-A369-7552616D3C44}: NameServer = 192.168.10.110 10.11.12.14 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B21750F8-7F59-4989-8F3A-AF32C839854D}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C143D9C4-A6CE-4F7C-9668-5857FE5FEBE7}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C259A953-8775-40CF-A4B2-6E58EADC43DE}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) < End of report > Farbar Service Scanner Version: 19-10-2012 Ran by *** (administrator) on 26-10-2012 at 08:30:19 Running from "C:\Users\***\Desktop" Microsoft Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** |
26.10.2012, 07:47 | #26 |
/// the machine /// TB-Ausbilder | TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Hast Du die Anleitung zu OTL genau beachtet? Falsches Logfile, es sollte nur eine Extras.txt enstehen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
26.10.2012, 07:58 | #27 |
| TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Anscheinend habe ich etwas falsch angeklickt. Hier jetzt das richtige log-file:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.10.2012 08:54:11 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 49,63% Memory free 7,36 Gb Paging File | 5,06 Gb Available in Paging File | 68,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,65 Gb Total Space | 25,19 Gb Free Space | 25,79% Space Free | Partition Type: NTFS Drive D: | 262,91 Gb Total Space | 32,71 Gb Free Space | 12,44% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 29,37 Gb Free Space | 30,07% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Musik\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI) "9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI) "9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI) "9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI) "9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI) "9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI) "9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI) "9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI) "9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI) "9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI) "9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI) "9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI) "8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI) "10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI) "9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI) "3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp "3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI) "9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI) "9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI) "9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI) "9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI) "9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI) "9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI) "9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI) "9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI) "9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI) "9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI) "9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI) "8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI) "10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI) "9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI) "3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp "3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0245A3EA-67CF-4D95-B3A0-C0AD06305796}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{060ECB99-1453-4B5F-B93B-0E1C1C7FDF8F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{07D6B5E6-E357-414E-9474-74EA2CD033B4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{100F0A6E-8E3E-402F-9130-C7D2DE58AB20}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{14B657CA-9079-4B28-8367-0F27AB5CECC9}" = lport=139 | protocol=6 | dir=in | app=system | "{1A8543C1-6C1C-4A4B-8CBC-54EDE0D3513E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DF70B10-6C71-4E69-8E59-FDA25AB67623}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{3B5F8E7E-9AEC-4511-B12D-9333B0B4F94C}" = rport=137 | protocol=17 | dir=out | app=system | "{4007863C-4B63-492C-ACD4-FC842BB0A22D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4666D27D-5800-4577-B040-5FC42569EC6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4714C22C-FA5E-4333-A6B2-4AABB1CAE31C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{56066768-B1FB-480B-9969-120A73F07D52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{57925D15-8F03-4FC9-BFD8-9DC3601C1A4A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{70F127E4-10A4-447E-A07D-E259D6052202}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{71239D9D-3FF6-4418-BD75-DE7A2AB082D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{761E6D7E-5C81-4CFA-B375-FA13F8EE7CE2}" = lport=137 | protocol=17 | dir=in | app=system | "{779460E8-09C4-4738-84FB-D1C28E74F933}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{77A3DC3B-4FD9-4A31-907A-95D156736609}" = lport=10243 | protocol=6 | dir=in | app=system | "{811846C3-85BF-4F85-92F7-27699F73AA67}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8AC55A1D-74C0-4C25-97EF-8AC6327235EE}" = rport=138 | protocol=17 | dir=out | app=system | "{8BDF2D61-D265-46C8-BE95-C87D8CCE64BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9955093F-2BC4-4413-B167-0917F4A24AD3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9A515D46-1029-4EAD-AC8B-BB2A3D5B26C4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9C6D0A7B-3A30-4C67-BC10-5A1BBD8D380D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9DD5DB32-67FF-4651-9B0A-72D27B188D54}" = lport=138 | protocol=17 | dir=in | app=system | "{A22924DA-A967-483C-A54C-ECF05E8DC704}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A337C06F-56C0-48C2-B934-D4C4E292377F}" = lport=2869 | protocol=6 | dir=in | app=system | "{A6E700C6-E7C8-4B6A-A02E-02BAB367D499}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A7A2B11E-E8CB-4765-B874-09DD2165757D}" = lport=445 | protocol=6 | dir=in | app=system | "{A7B07599-5349-4B86-B4A2-EC48E4A5968B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A819A900-6B77-4BE7-B4B6-26140B9E8C90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A943E4C1-730C-4331-81B6-5E6DF5411E50}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A976DE59-18F3-4445-BC39-3397ACF95ACB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B6F59B67-896F-408E-B4B1-09ECF72EF378}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BA5B802F-F769-4C3D-9762-F632D5286EAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BA8EE8E1-B322-4462-B2A5-A1DDADC49916}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BB7E9523-1CC2-4065-A75C-F0AEEEDA73CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BEF508DE-0BBE-49DD-ADA5-AEA8E426B334}" = rport=10243 | protocol=6 | dir=out | app=system | "{CE87CBA0-2247-41EE-9063-0A2273B5160D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D4F181E4-95E1-45E8-9C4F-E821C2075350}" = lport=2869 | protocol=6 | dir=in | app=system | "{DC580C80-9577-4A0E-86A4-624EC66B3EA0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E8AACBC0-79F6-4365-B78D-0A4B8B5DB15F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{E8E20A8D-570E-4EE1-B771-71DD82A695B5}" = rport=445 | protocol=6 | dir=out | app=system | "{F688EC91-6183-4221-A830-F7259C1AC7B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F9B4F660-5F59-4831-AE0A-76218C5618C9}" = rport=139 | protocol=6 | dir=out | app=system | "{FB4A10F7-2539-48BF-A977-EF7B48C68A8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027D1FE9-DA7B-457F-9D1C-59CFB7919DBD}" = protocol=6 | dir=out | app=system | "{07F74171-55E3-4F2B-92A1-68814DEAAE19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0855927A-D10A-4A05-BA2B-A2437647FD32}" = dir=in | app=c:\windows\syswow64\lxdwcoms.exe | "{093EA3EC-17F4-4D90-BD26-96B637E188A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0DFEDA18-4D1F-4FB0-8242-B4A0D1273285}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{1189F97A-BAE7-4B9C-9913-83779BC49329}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{149A2E76-967F-40CD-8EDD-7430DF3ED803}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\74xwjq68.nqr\hkg59egy.zj9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{1A40E8AC-D284-452B-B1C5-ABE7EEA1F5A5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2620F896-30D7-4741-AF34-642DDDE581CD}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{2808DBBF-895C-43CB-9231-1A238F40D67D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{28C36165-7ECB-45BF-94E1-81D669672CC7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2A353EC8-6E69-4889-8EBB-DC72CD6BB9B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3107568D-986D-4D3E-A131-DEF2F76E179A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{31F36408-F3D6-40A1-ACF5-D55036CB5374}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\74xwjq68.nqr\hkg59egy.zj9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{341A61EA-727B-4FBB-98F0-2E192DC4A032}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{358C76FF-7F08-4F30-9284-0284D70BA98C}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | "{36B6C420-9721-4027-B9E3-492659B44E4A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\frun.exe | "{36D12B5B-E090-4E87-952E-D9C4880B295E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{39279280-25BC-42AD-8D02-FF55324AF69A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | "{3D1A5F48-E78A-4B01-B399-D0F7DCB61B41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4243D3ED-9CC5-40A0-9726-D789B9C3EFD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{431A0E90-4982-46DE-9620-5BD6795CC11B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4429085A-FAB8-4042-BB1E-62D756A2EA79}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{47D82D6F-BF32-4BA1-8FA9-653E4C92C72F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{49883CFC-8E91-4F74-8A09-EE112B60B821}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | "{56C63711-BB3C-46FD-A5FD-F39AAD1B9369}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdwcoms.exe | "{5B24B454-02EB-4A6C-BE75-432349ABC4EA}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | "{5E9E211E-8E63-4DEA-999D-B20710CDFF19}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{5F478360-9F0B-44BB-BF18-DD8A781DDF22}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | "{62F752B2-3E1A-44A3-BCB5-08F82F949E81}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{635F529D-DFC1-4357-8B63-88108A06BA37}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | "{6378E584-1E7C-48B5-9643-D93C68599CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwfax.exe | "{6DED6A6E-DFCC-49A2-94BD-2D921D30E744}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | "{6EF90DC8-67FA-4C0C-AD57-0B4B79B62B54}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | "{6FC6D03A-683F-4305-AE70-80CE0169CA8A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwpswx.exe | "{725E6D79-1D3B-4DBF-99CB-528042436F44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{7CC7CDCB-9509-449F-A167-FEF3C727A345}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{80B18E15-5056-4671-985D-86D39638C3BB}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwfax.exe | "{8491793B-2BAB-460D-95DD-2F07C697B00E}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | "{907FC80A-8EF0-42FF-9784-321C2DD74FBF}" = dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdwtime.exe | "{95A4333E-6ED5-4BFE-B09C-5ACE8C300F95}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{9618FBEA-ED52-48F3-B83C-529A7D255DCE}" = protocol=6 | dir=in | app=c:\windows\system32\lxdwcoms.exe | "{9D19234A-AAB0-45D6-8494-D979245C15CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9E53371E-9C6D-433E-A674-033492BEEF33}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | "{A8B5B774-5863-4AC4-956E-EBD90DC9DB30}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B057F1AB-5F45-4790-B907-DC3EF8DA8849}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B0D80835-0522-47CB-815D-11DDCF19D6A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B15F7E57-6488-4B6A-942F-51D8E9E1A0F2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B4367343-A457-471E-987F-1D161F3CF79F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B4B567BD-6C53-4E50-8DBE-A020AFE9F1E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B6BF42C5-196D-4B17-97D5-CBAAF3EA81F3}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | "{BB471DD6-13C2-4260-8CF1-D3F6F9D24E42}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BBFF0D87-FAC3-4642-BBF0-73CFE1714B26}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | "{BD8D427B-C72E-4469-951A-693EF3430C2B}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{C5252F9D-59D3-461E-AAEF-4ECACFBF9F0B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{C790B834-F062-4DEB-BAA4-1B4C2D7702E9}" = dir=in | app=c:\windows\system32\lxdwcoms.exe | "{CA20B504-1AB0-4DF9-9E9A-A073129D9E32}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CD0CB228-DE18-4C9C-A270-6E82687CC986}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{CF944670-EBED-4C59-B8B5-36AC1F0A798C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D11F1D14-06E0-4AEE-906C-6CCEA1B6DD24}" = protocol=17 | dir=in | app=c:\windows\system32\lxdwcoms.exe | "{D3C75C56-3EEA-4C61-8CC7-BA3860A15AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D47B3D96-A3DD-42A8-9DAD-680CC0203805}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{D66CCB05-E60F-4A93-B3E5-0A9C07FFABA5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\frun.exe | "{D6A23277-121B-4501-B6B9-727770145079}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdwcoms.exe | "{DAAF6702-3341-4F46-A263-9901EC7F0815}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DB9C5586-7198-4C8E-9158-6E4906D2D89B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DD34FCD2-965C-4248-AFF3-C14796E52331}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | "{DF35103C-3A01-4B9C-B41E-E11E21885C2A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwamon.exe | "{E26C8EBC-18F7-47A9-BDA9-5068916683D3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 7600 series\lxdwamon.exe | "{E3414D1C-DFE3-4C65-9755-CA4C63A3F31D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{E487F33D-B4C2-4393-A187-B50421755758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EA401A53-D12A-4653-890F-DC85085A68D1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC49A501-6FB5-4398-95FE-B9696D5C7FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{EFEADD8E-641F-4B9C-BD06-EA775034094F}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | "{F071CFC5-F85E-4869-ADA0-068BE50C2E03}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F11826FE-AD32-4881-9387-31BD536BC37F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F3DE867F-E89D-428D-AB56-E799499BD632}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F52BFE01-560B-49A3-A987-B4C854B9F333}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F5B53877-AD8D-4CDA-83DB-BC06D3527EE6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F76402F6-E367-4036-8DD8-A1A4F585D9B7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F7E7E10E-4055-482C-B1D0-860CD1982162}" = dir=in | app=c:\program files (x86)\musik\squeezebox\server\squeezesvr.exe | "TCP Query User{09BDCCA4-4684-4657-A576-F737AA947065}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "TCP Query User{0F5EEF14-C34B-483A-90FF-0B7FF758E745}C:\users\***\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | "TCP Query User{304B19C8-5667-4F73-BB2E-8E74092C9851}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{31D7C01E-6504-474F-960D-803A5F7965AA}D:\spiele\aoe3\age3.exe" = protocol=6 | dir=in | app=d:\spiele\aoe3\age3.exe | "TCP Query User{4B1C689C-573F-4848-A4CD-A89BBA9A9C8E}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=6 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe | "TCP Query User{7CAFD7BF-8DB9-4EEE-867A-B8451B09C438}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=6 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe | "TCP Query User{7ECD72C8-7277-43E1-91B3-C2A20B2D9BB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{7F1B342E-E0B8-4B73-A8B8-F1F98668A29C}C:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | "TCP Query User{8640951A-CA00-401D-B047-7CE3FE3A5176}C:\users\***\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | "TCP Query User{970289F9-A86D-4118-ADF1-936CD662EC1F}C:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe" = protocol=6 | dir=in | app=c:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe | "TCP Query User{A191FF4B-46DA-463E-A42A-258B98AE6D9E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{AEB076B7-4088-4FB9-A0D6-1DD5586F98B0}D:\spiele\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1701\anno1701.exe | "TCP Query User{B9CBAF66-78E7-4580-B879-4BB87B207B21}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{BE9649F0-4F71-4754-94AD-C802F23BCB2A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{BF06E6CF-8C15-4A4A-8F82-650E39DA1353}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "TCP Query User{C5BF5B43-C216-4D85-800C-0B33EC862F16}C:\program files (x86)\musik\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musik\winamp\winamp.exe | "TCP Query User{D3679C79-F6B3-40B6-8406-F29DB7438D65}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{E06EED5D-A405-4960-B846-BB34BD4A621C}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "TCP Query User{E096AC02-98F1-4945-9597-217FD9FDFA4C}C:\program files (x86)\musik\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musik\winamp\winamp.exe | "TCP Query User{E65363A0-DEC3-4B15-AF14-7FBA3C0D258A}C:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe" = protocol=6 | dir=in | app=c:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe | "UDP Query User{258731C5-2922-44CF-8DEC-EBCE12D59A87}D:\spiele\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1701\anno1701.exe | "UDP Query User{30610D84-8C0A-4E9D-AA28-6EBD69EA721E}C:\users\***\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | "UDP Query User{32F9BBA6-4FF4-4811-93FE-96C181EFBD58}C:\program files (x86)\musik\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musik\winamp\winamp.exe | "UDP Query User{44DA9DA5-8FA6-464D-A9EE-A9CBA3CBE2E9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{54D2BE1C-DCE8-483D-9E87-E8A5C5818F8B}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=17 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe | "UDP Query User{716BE8E3-7AE6-4250-8D50-45555968F71E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{745749C9-9381-4110-ABE3-83B3607F221E}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "UDP Query User{7DC0880E-F67C-404E-99A8-211A4418E19D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{864837DE-6AA1-41D7-BB91-19F79BAF39D8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{8C7F3C17-343E-45C0-A311-BBB907B63984}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{933C4824-260A-449B-B3F7-003D346D9B8D}C:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | "UDP Query User{934393F0-1089-45C2-BE5F-62B7B11EF3C3}C:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe" = protocol=17 | dir=in | app=c:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe | "UDP Query User{BDDD9402-3A98-4864-A993-59C148AEA86E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{C3B81534-D0E1-4BAB-8589-FE596E5261CB}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "UDP Query User{C83B30D5-32B8-43D2-B323-40CABBEDF2E8}D:\spiele\aoe3\age3.exe" = protocol=17 | dir=in | app=d:\spiele\aoe3\age3.exe | "UDP Query User{D23D0AC2-A120-4951-BC8D-453F9ED8E7AC}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "UDP Query User{D300C333-55CE-4026-BCC8-064B1D12B906}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=17 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe | "UDP Query User{D7C996C8-CD79-4098-9782-24F8F452791F}C:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe" = protocol=17 | dir=in | app=c:\programdata\squeezebox\cache\installedplugins\plugins\spotify\bin\mswin32-x86-multi-thread\spotifyd.exe | "UDP Query User{DF850844-9550-4908-A6DC-FF7064E3D034}C:\program files (x86)\musik\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musik\winamp\winamp.exe | "UDP Query User{E2DFD86C-8310-42F2-9343-59392C45F99D}C:\users\***\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B53FA0E4-739C-435F-9872-E3032F2E08FC}" = Iomega QuikProtect (64-Bit) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CNXT_MODEM_HDA_HSF" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "CyberGhost VPN_is1" = CyberGhost VPN "Ext2Ifs_for_NT6" = Ext2 IFS 1.11a for Windows Vista/2008 "Lexmark 7600 Series" = Lexmark 7600 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix Online Plug-in (Web) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{36E0CAAD-D410-4CA8-9AC0-BBE2691B4A19}" = calibre "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix Online Plug-in (USB) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung "{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix Online Plug-in (DV) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010 "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E5F3D1E9-006E-4435-85D6-483B66376655}" = Citrix Online Plug-in (PNA) "{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix Online Plug-in (HDX) "{EC1AB9B4-349A-4542-A017-4038C299C226}" = Citrix Online Plug-in (SSON) "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Allway Sync_is1" = Allway Sync version 10.2.3 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15 "AmoK Playlist Copy" = AmoK Playlist Copy 2.04 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "AVerMedia H968 Hybrid TV Tuner" = AVerMedia H968 Hybrid TV Tuner 2.0.64.13 "Avira AntiVir Desktop" = Avira Antivirus Premium 2012 "CitrixOnlinePluginFull" = Citrix Online Plug-in "DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer "Exifer_is1" = Exifer "FileZilla Client" = FileZilla Client 3.5.3 "FLAC" = FLAC 1.2.1b (remove only) "foobar2000" = foobar2000 v1.1.7 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "JDownloader" = JDownloader "KeePass Password Safe_is1" = KeePass Password Safe 1.18 "Logitech Media Server_is1" = Logitech Media Server 7.7.2 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49b "NAVIGON Fresh" = NAVIGON Fresh 3.3.2 "Office14.STANDARD" = Microsoft Office Standard 2010 "OpenVPN" = OpenVPN 2.2.2 "Picasa 3" = Picasa 3 "RealPlayer 15.0" = RealPlayer "Steam App 8930" = Sid Meier's Civilization V "Totalcmd" = Total Commander (Remove or Repair) "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 1.1.4 "Warcraft III" = Warcraft III "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Dropbox" = Dropbox "Move Media Player" = Move Media Player "Spotify" = Spotify "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.10.2012 05:50:15 | Computer Name = Home | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ACDaemon.exe, Version: 1.1.0.49, Zeitstempel: 0x4cc808ec Name des fehlerhaften Moduls: ACDaemon.exe, Version: 1.1.0.49, Zeitstempel: 0x4cc808ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001af76 ID des fehlerhaften Prozesses: 0x12d0 Startzeit der fehlerhaften Anwendung: 0x01cdb2960a4fa45e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Berichtskennung: 5fe6827f-1e89-11e2-a92a-0024be6a5ebb Error - 25.10.2012 06:01:29 | Computer Name = Home | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei D:\Desktop\DSC00072.JPG. [ACCESS_VIOLATION Exception!! EIP = 0x15d6da2] Bitte Avira informieren und die obige Datei übersenden! Error - 25.10.2012 06:23:00 | Computer Name = Home | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der Dienst "Apple Mobile Device" konnte nicht neu gestartet werden. Error - 25.10.2012 06:26:21 | Computer Name = Home | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ACDaemon.exe, Version: 1.1.0.49, Zeitstempel: 0x4cc808ec Name des fehlerhaften Moduls: ACDaemon.exe, Version: 1.1.0.49, Zeitstempel: 0x4cc808ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001af76 ID des fehlerhaften Prozesses: 0x114c Startzeit der fehlerhaften Anwendung: 0x01cdb29b2babe8f6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Berichtskennung: 6b5378f1-1e8e-11e2-a92a-0024be6a5ebb Error - 25.10.2012 07:16:28 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error - 25.10.2012 07:48:39 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error - 25.10.2012 09:13:54 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error - 25.10.2012 09:48:42 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error - 25.10.2012 10:13:39 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error - 26.10.2012 02:06:14 | Computer Name = Home | Source = WDSmartWareBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) [ System Events ] Error - 26.10.2012 02:05:49 | Computer Name = Home | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WD SmartWare Drive Manager Service erreicht. Error - 26.10.2012 02:10:35 | Computer Name = Home | Source = Service Control Manager | ID = 7022 Description = Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet. Error - 26.10.2012 02:11:58 | Computer Name = Home | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Software Protection erreicht. Error - 26.10.2012 02:11:58 | Computer Name = Home | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 26.10.2012 02:13:17 | Computer Name = Home | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management & Security Application User Notification Service erreicht. Error - 26.10.2012 02:13:17 | Computer Name = Home | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management & Security Application User Notification Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 26.10.2012 02:14:17 | Computer Name = Home | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error - 26.10.2012 02:15:17 | Computer Name = Home | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error - 26.10.2012 02:15:22 | Computer Name = Home | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Sicherheitscenter" wurde nicht richtig gestartet. Error - 26.10.2012 02:16:17 | Computer Name = Home | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. < End of report > |
26.10.2012, 08:04 | #28 |
/// the machine /// TB-Ausbilder | TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Hast Du was von Memeo,WDSmart, Canon oder Arcsoft installiert? Alles deinstallieren inkl alles von Citrix und Java. Restart.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
26.10.2012, 08:38 | #29 |
| TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden ArcSoft - deinstalliert WDSmart - deinstaliert Citrix - deinstalliert Java - deinstalliert Rechner startet schon "etwas" schneller. |
26.10.2012, 09:46 | #30 |
/// the machine /// TB-Ausbilder | TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden Ok, dann mach mal bitte folgendes: Den REchner nen ganzen Tag im Normalmodus nutzen, mehrfach rebooten. Dann ein komplettes Set frische OTL logs, ich will schauen ob die Event-Errors weg sind. OTL starten, Unter Extra Registrierung auf Benutze Safe List stellen und Scan drücken, sollten 2 Logfiles entstehen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden |
abgesicherten, anleitung, antivir, avira, avira antivir, diverse, ergebnis, files, gesucht, intel, internetseite, langsam, meldung, modus, nicht mehr, rojaner gefunden, scanner, seite, seiten, system, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, virenscanner, virus, windows, windows 7 |