
Pests of all kinds and how to combat them: Chatzum and yontoo: how do I get this off my computer again?

15.10.2012, 12:20   #1
daup
 
I seem to have picked up ChatZum and Yontoo.
Since I have Win7, I can only disable IE.
Deleting and reinstalling the browsers therefore doesn't work.

How do I get rid of both?
I would be grateful for help.

OTL:
Code:
 OTL logfile created on: 14.10.2012 22:15:50 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrea\Desktop\Roland
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,44% Memory free
6,00 Gb Paging File | 4,94 Gb Available in Paging File | 82,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 66,20 Gb Free Space | 11,49% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,20 Gb Free Space | 16,03% Space Free | Partition Type: FAT32
Drive E: | 1,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.13 21:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\Roland\OTL.exe
PRC - [2012.07.31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.05.23 08:18:11 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\real\realplayer\Update\realsched.exe
PRC - [2012.05.15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- C:\Programme\dradio-Recorder\phonostarTimer.exe
PRC - [2012.02.14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcfgex.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 01:15:34 | 006,124,744 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe
PRC - [2009.01.04 16:26:16 | 000,028,672 | ---- | M] (AVEO) -- C:\Programme\AVEO USB2.0 PC Camera\CamAppSTI.exe
PRC - [2008.07.18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- C:\Programme\dradio-Recorder\phonostarTimer.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.10.20 15:28:44 | 000,045,056 | ---- | M] () -- C:\Programme\AVEO USB2.0 PC Camera\AVEOCamSDK.dll
MOD - [2008.08.27 16:32:36 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 11:53:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.05.19 15:05:22 | 000,081,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe -- (avmident)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.25 09:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\System32\ksupmgr.exe -- (ksupmgr)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.01.18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.02.16 18:31:25 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV06.sys -- (ACEDRV06)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 19:25:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.06.17 19:25:26 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.05.29 11:26:18 | 000,076,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV84.sys -- (SSHDRV84)
DRV - [2010.03.15 11:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009.09.08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008.08.25 04:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 19:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 20:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = L:\Filme
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.arcor.de/login/
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {D00AE851-0E1E-441E-BFF5-67D19C7B84B5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{CB406FCE-1FFD-42EA-8DFC-CC93D851104F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{D00AE851-0E1E-441E-BFF5-67D19C7B84B5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE474
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrea\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 08:17:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.07 10:48:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.12 09:51:00 | 000,000,000 | ---D | M]
 
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Feeds] C:\Windows\System32\oobe\info\FEEDS.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9875F34-6A0B-4D57-963C-A430B6AA4A44}: NameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.11.12 18:00:43 | 000,000,071 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a8d53147-e8f1-11de-9091-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a8d53147-e8f1-11de-9091-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2008.10.06 09:34:50 | 000,635,696 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.08 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.10.08 20:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012.10.08 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.10.08 20:39:36 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Winamp
[2012.10.08 20:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.10.05 15:32:19 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\ProtectDisc
[2012.09.30 13:25:36 | 000,244,680 | ---- | C] (Salfeld Computer) -- C:\Windows\System32\wdrvhook.dll
[2012.09.28 11:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
[2012.09.28 11:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Roadkil.Net
[2012.09.24 21:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.09.22 09:21:29 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\DVD_VR
[2012.09.19 16:14:40 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Macromedia
[2012.09.19 08:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012.09.19 08:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\ChatZum Toolbar
[2012.09.19 07:49:48 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Mozilla
[2012.09.19 07:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.19 07:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 22:14:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.10.14 22:07:54 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 22:07:54 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 22:01:10 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2012.10.14 22:00:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\excltmp~.dat
[2012.10.14 22:00:47 | 000,001,309 | ---- | M] () -- C:\Windows\System32\cchservice.err
[2012.10.14 22:00:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.14 22:00:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 22:00:31 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 21:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 21:48:30 | 700,465,148 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.14 21:47:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.13 22:05:41 | 000,000,000 | ---- | M] () -- C:\Users\Andrea\defogger_reenable
[2012.10.13 20:48:39 | 000,428,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.13 18:41:23 | 097,271,295 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.10.13 18:32:16 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.13 11:54:00 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000A65.LCS
[2012.10.12 15:41:19 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.12 15:41:19 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.12 15:41:19 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.12 15:41:19 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 20:39:58 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.10.08 17:43:24 | 000,001,786 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.10.06 18:50:01 | 000,203,300 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.10.06 15:19:47 | 000,101,420 | ---- | M] () -- C:\Users\Andrea\Documents\Geburtstagseinladung Wiebke 2011.odt
[2012.10.05 16:06:32 | 004,692,959 | ---- | M] () -- C:\Users\Andrea\Desktop\P1060598.JPG
[2012.10.05 16:06:02 | 004,642,136 | ---- | M] () -- C:\Users\Andrea\Desktop\P1060597.JPG
[2012.10.02 18:04:18 | 000,011,100 | ---- | M] () -- C:\Users\Andrea\Desktop\Arbeitsplan Lima1.ods
[2012.10.01 12:16:36 | 000,000,582 | ---- | M] () -- C:\NET.INI
[2012.09.30 20:14:08 | 000,618,081 | ---- | M] () -- C:\Users\Andrea\Desktop\Einladung.pdf
[2012.09.30 18:28:45 | 000,053,617 | ---- | M] () -- C:\Users\Andrea\Desktop\Auto wert Ulrich.JPG
[2012.09.26 18:24:48 | 000,066,048 | ---- | M] () -- C:\Users\Andrea\Desktop\Frauenfreizeit_2012_Themen[1].aww
[2012.09.26 17:22:33 | 005,877,367 | ---- | M] () -- C:\Users\Andrea\Desktop\P1060525.JPG
[2012.09.25 22:40:54 | 000,061,925 | ---- | M] () -- C:\Users\Andrea\Desktop\perlhuhn2.JPG
[2012.09.25 22:30:19 | 000,079,088 | ---- | M] () -- C:\Users\Andrea\Desktop\Keramik_Perlhuhn_810.jpg
[2012.09.18 18:00:43 | 000,030,092 | ---- | M] () -- C:\Users\Andrea\Desktop\chatprotokolle matthias.odt
[2012.09.18 16:00:37 | 000,010,477 | ---- | M] () -- C:\Users\Andrea\Desktop\testdruck.odt
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.14 08:49:25 | 700,465,148 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.13 22:05:41 | 000,000,000 | ---- | C] () -- C:\Users\Andrea\defogger_reenable
[2012.10.13 20:59:23 | 000,001,417 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.13 20:48:26 | 000,428,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.12 10:02:53 | 000,011,528 | ---- | C] () -- C:\Users\Andrea\Desktop\2012_Grilleinteilung.pdf
[2012.10.08 20:39:58 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.10.06 18:06:50 | 004,642,136 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060597.JPG
[2012.10.06 18:06:39 | 004,692,959 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060598.JPG
[2012.10.06 15:19:45 | 000,101,420 | ---- | C] () -- C:\Users\Andrea\Documents\Geburtstagseinladung Wiebke 2011.odt
[2012.10.05 15:32:20 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000A65.LCS
[2012.10.02 18:04:10 | 000,011,100 | ---- | C] () -- C:\Users\Andrea\Desktop\Arbeitsplan Lima1.ods
[2012.10.01 10:35:01 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2012.09.30 20:14:05 | 000,618,081 | ---- | C] () -- C:\Users\Andrea\Desktop\Einladung.pdf
[2012.09.30 18:28:45 | 000,053,617 | ---- | C] () -- C:\Users\Andrea\Desktop\Auto wert Ulrich.JPG
[2012.09.26 18:24:47 | 000,066,048 | ---- | C] () -- C:\Users\Andrea\Desktop\Frauenfreizeit_2012_Themen[1].aww
[2012.09.26 06:40:18 | 006,804,499 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060526.JPG
[2012.09.26 06:40:18 | 005,877,367 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060525.JPG
[2012.09.26 06:39:25 | 006,993,253 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060527.JPG
[2012.09.25 22:40:53 | 000,061,925 | ---- | C] () -- C:\Users\Andrea\Desktop\perlhuhn2.JPG
[2012.09.25 22:39:40 | 000,079,088 | ---- | C] () -- C:\Users\Andrea\Desktop\Keramik_Perlhuhn_810.jpg
[2012.09.19 16:14:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.18 18:54:52 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.18 18:00:41 | 000,030,092 | ---- | C] () -- C:\Users\Andrea\Desktop\chatprotokolle matthias.odt
[2012.09.18 16:00:35 | 000,010,477 | ---- | C] () -- C:\Users\Andrea\Desktop\testdruck.odt
[2012.09.07 12:05:54 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.04 10:15:36 | 000,000,582 | ---- | C] () -- C:\Windows\wiso.ini
[2011.12.07 19:09:54 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2011.12.07 19:09:54 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2011.12.07 19:09:54 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2011.12.07 19:09:54 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2011.12.07 19:09:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.12.07 19:05:47 | 000,001,360 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.09.21 21:33:58 | 000,000,296 | ---- | C] () -- C:\Windows\{EF79E2B2-35E7-431B-A51F-8B507F9C647D}_WiseFW.ini
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.05.31 17:36:37 | 000,155,536 | ---- | C] () -- C:\Windows\System32\dllcinx.exe
[2011.05.31 17:36:36 | 000,000,600 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2011.03.15 10:36:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\excltmp~.dat
[2011.03.15 10:34:44 | 000,000,179 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.03.15 10:34:44 | 000,000,141 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.03.15 10:34:42 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys.VIRUS
[2010.12.07 20:26:10 | 000,000,342 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\wklnhst.dat
[2010.03.29 19:43:57 | 000,000,155 | ---- | C] () -- C:\Users\Andrea\.appletviewer
[2010.03.12 10:14:48 | 000,000,673 | ---- | C] () -- C:\Users\Andrea\Andrea - Verknüpfung.lnk
[2010.02.12 14:34:42 | 000,010,240 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.08 22:27:52 | 000,001,786 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.01.08 22:07:23 | 000,000,680 | RHS- | C] () -- C:\Users\Andrea\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.02.26 21:02:01 | 000,000,000 | -HSD | M] -- C:\Users\Andrea\AppData\Roaming\.#
[2012.09.27 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Audacity
[2012.04.21 10:43:08 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\AVG2012
[2012.01.04 10:15:39 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Buhl Data Service
[2012.04.10 10:09:25 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\cerasus.media
[2012.10.05 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Cornelsen
[2010.10.29 23:07:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Der Planer 4
[2012.08.16 20:14:35 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\DVDVideoSoft
[2011.02.01 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.04 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Free Download Manager
[2012.01.20 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\FRITZ!
[2010.11.20 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\GetRightToGo
[2010.05.28 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Haufe
[2010.03.29 21:19:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ICAClient
[2010.01.21 09:07:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Lexware
[2012.02.22 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\LolClient
[2012.05.28 09:48:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\LolClient2
[2010.01.21 12:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\OpenOffice.org
[2011.10.27 12:07:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\phonostar GmbH
[2012.10.05 15:32:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ProtectDisc
[2012.09.07 12:06:02 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Salfeld
[2010.05.30 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\saveTV
[2010.12.07 20:26:11 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Template
[2011.05.16 14:09:59 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Timerle
[2010.09.28 20:56:05 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Ulead Systems
[2011.03.12 14:06:16 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Wildlife Park 2
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
 
OTL Extras logfile created on: 13.10.2012 22:07:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrea\Desktop\Roland
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,70% Memory free
6,00 Gb Paging File | 4,65 Gb Available in Paging File | 77,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 43,41 Gb Free Space | 7,53% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,20 Gb Free Space | 16,03% Space Free | Partition Type: FAT32
Drive E: | 1,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 1863,01 Gb Total Space | 255,98 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
 
Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20E5F1BA-F514-42B6-8A1E-7B79C1304FFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{219DF56D-34F0-4BDA-90AE-4D20D3FD3946}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{535D3C00-FA66-4641-8429-5F5AE95D41BA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{62397B7C-5A6E-44F6-B026-F318579CFAE2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{965C47DE-0A18-4A8E-9FA8-483771D6327E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE89FEE2-4FB0-4C8F-A013-86EEF451D6DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA317BEF-6779-4114-A639-E7336EE5EE46}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E10F16CF-DA90-4713-BDC5-FAFBB2391BE8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EE2D3AC8-1F8D-47C2-A380-C45FEC329422}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FBE645F6-1E82-4BC7-82C4-156C927C860E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FD6D6A0C-4CB2-4BB2-B30E-C8A1A2A067AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1200E553-A82E-4718-9EA5-F3D5649DA10B}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{14153FAE-84C3-410F-AA7B-83458C44AA84}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1599D108-5182-4872-8554-D2DE1901FA5C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{162C9747-2FE2-47E3-AC11-2D9DE98A7902}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1CAA5504-F377-45D8-AFDF-5ACDA58BCC20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1CFC3663-1E68-4330-86CE-707E3644BA97}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{1EF1CF0A-A07B-404F-A497-B450F9F43604}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{1FCC9E3A-7523-4ACC-9E19-8941187EF8DB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{2603E283-0FB4-4449-A4D9-172B2A718541}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{2BA27A4F-E548-4CA0-8BE7-4FA4D30EFB3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2FEED980-19A2-4C90-9833-067CE67227A8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{3EDF99DD-BEC3-4246-B44E-8B35CAF22609}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4057EF47-C7AE-4E95-A371-4425DA2011F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45AFBBC2-ABB2-488F-94CB-4C2A036E1475}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{48EBC8ED-E59F-4532-827B-7CB447C097FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50D39E27-C70E-4145-A84A-482560366F48}" = dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"{555384F5-71E2-4EDB-BBB1-281D7FC2B6AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{58D2201E-C62C-429A-A250-643C79618AA5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{602B1342-750D-4644-833A-D07D74323D9A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{60F203D9-53E7-40D7-BB71-E7ACD7946405}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{6410C904-2E48-441A-9C50-0024788CB28F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6E580A85-352C-432B-89B8-C08D89954E6A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6EB854F6-976C-462C-B421-EB55F5F86971}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{7499F2C7-32AD-4FC4-B585-7F2F09E4D7D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{796EF2F4-FE94-43C7-8C7C-2AC34A1E32DE}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{82FDCCB2-76B1-41B1-AEC2-7F064848852E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AC7BC77-1038-423A-B350-5E9F29CEC8D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{91BF6C7D-2FA9-411E-865D-E1205BC28690}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9C7B5180-6806-49C6-91AF-B9AA0E9812A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A41C9408-5BAF-4AD4-80F8-850D65221515}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{A5FE3C51-1B02-48E2-B88C-14F3EA292E21}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{A6E48282-3C1B-4810-8943-F96A11E2184D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B0C3A773-1C6A-4189-A020-2358E04B98EE}" = protocol=6 | dir=out | app=system | 
"{B1C746FE-6885-45D3-9213-E97CC8C3A6E8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4F27669-61DF-4A61-8CE3-296B3A5CEE30}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BCD289DA-24A6-474C-A13E-117AAFCC938E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BFEBA121-1854-4099-95AC-7B2C187BAE8C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{BFFFB145-98DA-4D5F-B6F8-F44BDC1CA988}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C31C4C82-6FD3-428E-974E-8C09E59AC0BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C7DE92D3-F416-4CBC-9684-B9084A9E6C5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDA8A57D-9B14-41E5-BF70-B22FF53B9123}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{CE531381-2412-4212-998F-2C2B5DCF0A1C}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{D1AA70FB-6B1A-435C-AA0E-0FE009C3B0FC}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{D20AB7EA-56DF-484B-9CC7-6B285F5D27A7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{DADB21F5-2C01-4E8B-A4A3-1897C8BE6B7C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{DAE711A3-1187-4335-A77C-FBD2777BEE1A}" = protocol=6 | dir=in | app=c:\program files\fritz!box-kindersicherung\avmident.exe | 
"{DD9F8B3C-D2A2-4A94-8567-7CD2FF8339CC}" = protocol=17 | dir=in | app=c:\program files\fritz!box-kindersicherung\avmident.exe | 
"{DFB211E7-501A-4303-9149-B1E42B065754}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{E14C4F88-62BD-49A9-8EE0-A856507599A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{E376A292-99DD-47D6-8707-7057FE7B3F6A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FB7759AD-C439-4679-98C2-1C3B4AFA1D3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{4428C8FC-34EA-4A39-BA91-F30370B931F0}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
"TCP Query User{71990E24-9CBD-4FC9-AF2F-84942EAD726F}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{7B476CCE-AA50-41FF-A954-08F1ED085980}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
"TCP Query User{85698A35-67F4-4699-AFA9-25B6E3AFCAAF}C:\program files\numnumspiel\numnumserver.exe" = protocol=6 | dir=in | app=c:\program files\numnumspiel\numnumserver.exe | 
"TCP Query User{B426F009-7925-409F-9869-B8842B10C5E8}C:\program files\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\program files\urbanterror\iourbanterror.exe | 
"TCP Query User{C7D8B56C-FC65-4149-B1A1-16CD89C291A5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{E1920361-AA57-484E-9933-613C478C91CD}C:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"UDP Query User{0BB8B13D-3807-4C91-9709-106B12630003}C:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\duden rechtschreibtrainer.exe | 
"UDP Query User{1FD90EE5-0F6F-4594-89A6-58F304F2DCE0}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
"UDP Query User{4BEB0E3D-249A-4DDD-B033-04B18992615B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{56058492-0AF8-4183-9E3A-A01FCD216BE2}C:\program files\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\program files\urbanterror\iourbanterror.exe | 
"UDP Query User{6C0A69EE-72CC-4409-8AA5-FA3CD57B211A}C:\program files\numnumspiel\numnumserver.exe" = protocol=17 | dir=in | app=c:\program files\numnumspiel\numnumserver.exe | 
"UDP Query User{CAFC0AB5-B880-486C-988E-B9A4486406A6}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{FAC3A5D8-2958-4F1A-890A-BA8E65ADAAFF}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{011D3ED9-1829-48F5-A22F-3B10A886B262}" = English Coach 21 1
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{06b2b7ed-809a-44e6-8538-ca0f5b74ecc4}.sdb" = CVE-2012-1889
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{09CB31A8-584F-4BC4-8151-B626A023E604}}_is1" = TOPP Vorlagen-Druckstudio (3490)
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{0D06066D-69E5-4B7E-8409-86F221E7AEFA}" = Octava SD4
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0FCEE1FB-C48F-421C-B4C1-B952F1B67617}" = Actio multimedial
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200" = Canon iP4200
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{151FFC5F-ADE2-4CC3-AB0B-D9F8EB3FBF7A}" = Wildlife Park 2
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C3DEAF-801D-4C3E-9826-E62EE16DB7AB}" = phase6_18
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2588022D-38FB-4335-9B3D-B76B7F244A5C}" = Langenscheidt Vokabeltrainer 4.0 Englisch (OEM)
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29447369-6968-4e86-a208-603f6f0771a6}.sdb" = CVE-2012-1889
"{2C09B3BC-47CF-49B7-8EC6-7F12C72D252F}" = NVIDIA PhysX
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3574F326-3F29-4182-8566-3E2E3A667041}" = WinPhysik XXL
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{381D847E-7E56-4E82-B261-F799E0F40EB4}" = PHOTOfunSTUDIO 4.0 HD Edition
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40D5AB10-F3E0-4A3E-B59A-25BE077EBD11}" = Cornelsen Kalender
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{4496D5D4-7658-4889-A447-7521876050C4}" = WinMathematik 2.0 XXL
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E4E15DD-6CE6-4AAD-81EC-F8A9C0D83449}" = Vokabeltrainer-Update 4.0.19
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2009
"{511C626A-66BB-4E4D-8A23-5E8D52B8FA32}" = Mathica
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7235252A-39A3-4889-AF58-18B82040310E}" = AVEO USB2.0 PC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C459192-BBB7-446C-9DC8-E502E02FEB51}_is1" = Timerle 1.04
"{804ED550-B39F-474D-AC6C-49C35511F14D}" = Wildlife Park 2 Patch 2.00
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{90D1201F-2B53-45A5-B940-B7DE21B995FC}" = Duden Rechtschreibtrainer
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2FCDB3C-F9D1-40CE-B2BD-DE471930C483}" = English Coach 21 Band 2
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A8EC9CBD-35FF-44A1-913A-DE676CE0D876}" = Entdecken! Lernen! Wissen! Der menschliche Körper
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0507
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B59E14F6-B241-42C2-B626-9F41FD1DCD6D}" = Playway 4 Rainbow Edition
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}" = Crazy Machines - Neues aus dem Labor
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C3542652-4C59-4A96-982A-06EBB3F47819}" = Steuer-Hilfesammlung 2009
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{DA10D8B2-E38E-4374-9288-15B41DA1BBF3}" = Corel Home Office
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF79E2B2-35E7-431B-A51F-8B507F9C647D}" = AVM FRITZ!Box-Kindersicherung
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{f300e352-12de-4e7f-ace3-a376874402b6}.sdb" = CVE-2012-1889
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8151A23-1B3D-4D6E-9904-30D279AABB47}" = Stadtrallye
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Alfons Lernwelt" = Alfons Lernwelt
"Audacity_is1" = Audacity 2.0
"AVG" = AVG 2012
"Blitzrechnen " = Blitzrechnen 
"Blitzrechnen 1+2" = Blitzrechnen 1+2
"BlueJ_is1" = BlueJ 2.5.3
"Bridge Building Game" = Bridge Building Game
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"Das Sams" = Das Sams
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"Dogs, Cats & Friends_is1" = Dogs, Cats & Friends
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.6
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Forte Free" = Forte Free 2.0
"Forte Standard" = Forte Standard 2.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Fritz und Fertig 4" = Fritz und Fertig 4
"GUT 1" = GUT 1
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"Kindersicherung_is1" = Kindersicherung 2012
"MediacoderSE1.1" = MediacoderSE
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NumNumSpiel" = NumNumSpiel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pelikan VA" = Vereinfachte Ausgangsschrift
"Physicus II_is1" = Physicus II ´07
"ProtectDisc Driver" = ProtectDisc Helper Driver
"RealPlayer 15.0" = RealPlayer
"ROBOProFischertechnik" = ROBOPro (fischertechnik) Programm
"S2TNG" = Die Siedler II - Die nächste Generation
"Siedler3Deinstall" = Siedler3
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SolveigMM AVI Trimmer 2.0.1108.18" = SolveigMM AVI Trimmer
"Superbike Racing 2 - from Midas" = Superbike Racing 2 - from Midas
"SuperTux 0.3.3" = SuperTux 0.3.3
"Um die Welt in 80 Tagen_is1" = Um die Welt in 80 Tagen 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Urban Terror_is1" = Urban Terror 4.1
"Vereinfachte Ausgangsschrift VA_is1" = Pelikan Schulschriften
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"64ad468768c89317" = Save.TV EasyRecord DownloadManager
"ROBOProFischertechnik" = ROBOPro (fischertechnik) Programm
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.10.2012 13:43:56 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 13:43:56 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 13:43:57 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 13:44:12 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 13:57:34 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 14:13:57 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 14:32:02 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 14:43:56 | Computer Name = Andrea-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 13.10.2012 14:49:53 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 14:55:16 | Computer Name = Andrea-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 20.04.2012 00:10:31 | Computer Name = Andrea-PC | Source = MCUpdate | ID = 0
Description = 06:10:31 - Fehler beim Herstellen der Internetverbindung.  06:10:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2012 00:10:40 | Computer Name = Andrea-PC | Source = MCUpdate | ID = 0
Description = 06:10:37 - Fehler beim Herstellen der Internetverbindung.  06:10:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.06.2012 01:35:49 | Computer Name = Andrea-PC | Source = MCUpdate | ID = 0
Description = 07:35:49 - Fehler beim Herstellen der Internetverbindung.  07:35:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.06.2012 01:35:59 | Computer Name = Andrea-PC | Source = MCUpdate | ID = 0
Description = 07:35:54 - Fehler beim Herstellen der Internetverbindung.  07:35:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 13.10.2012 13:58:18 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 13.10.2012 14:12:30 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 13.10.2012 14:14:39 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 13.10.2012 14:14:39 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 13.10.2012 14:48:33 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 13.10.2012 14:50:50 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 13.10.2012 14:50:50 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 13.10.2012 14:53:48 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 13.10.2012 14:55:56 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 13.10.2012 14:55:56 | Computer Name = Andrea-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-15 12:48:39
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000065 WDC_WD64 rev.05.0
Running: gmer.exe; Driver: C:\Users\Andrea\AppData\Local\Temp\uwdiqpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeKey [0x9931B004]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeMultipleKeys [0x9931B0D4]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0x9931AD76]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0x9931AE1E]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0x9931AEBA]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0x9931AF56]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                     8327DA49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                       832B74D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1357                                                                                          832BE78C 5 Bytes  [04, B0, 31, 99, D4]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 135D                                                                                          832BE792 2 Bytes  [31, 99]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 139F                                                                                          832BE7D4 4 Bytes  [76, AD, 31, 99]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                                                          832BEAA4 8 Bytes  [1E, AE, 31, 99, BA, AE, 31, ...] {PUSH DS; SCASB ; XOR [ECX-0x66ce5146], EBX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 16E3                                                                                          832BEB18 4 Bytes  [56, AF, 31, 99]
.text           C:\Windows\system32\drivers\SSHDRV84.sys                                                                                     section is writeable [0x90852000, 0x233D4, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\SSHDRV84.sys                                                                                     entry point in ".pklstb" section [0x90884000]
.relo2          C:\Windows\system32\drivers\SSHDRV84.sys                                                                                     unknown last section [0x9089A000, 0x8E, 0x42000040]
.reloc          C:\Windows\system32\drivers\acehlp09.sys                                                                                     section is executable [0x916E0780, 0x28F7A, 0xE0000060]
.text           C:\Windows\system32\drivers\ACEDRV06.sys                                                                                     section is writeable [0x91281000, 0x319AA, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\ACEDRV06.sys                                                                                     entry point in ".pklstb" section [0x912C4000]
.relo2          C:\Windows\system32\drivers\ACEDRV06.sys                                                                                     unknown last section [0x912DF000, 0x8E, 0x42000040]
.reloc          C:\Windows\system32\drivers\acedrv09.sys                                                                                     section is executable [0x99288000, 0x4E05A, 0xE0000060]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                       section is writeable [0x992D7300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                       section is writeable [0x9931D300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\real\realplayer\Update\realsched.exe[3756] kernel32.dll!SetUnhandledExceptionFilter                         76A2F4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                       avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                      avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004f                                                                                            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                      avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                     fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                     avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----
         
AdwCleaner
Code:
# AdwCleaner v2.004 - Datei am 15/10/2012 um 12:49:30 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Andrea - ANDREA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andrea\Desktop\Roland\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\ChatZum Toolbar
Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft
Ordner Gefunden : C:\Program Files\DVDVideoSoft
Ordner Gefunden : C:\Program Files\Yontoo
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Ordner Gefunden : C:\Users\Andrea\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Andrea\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Andrea\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Andrea\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Andrea\AppData\Roaming\DVDVideoSoft
Ordner Gefunden : C:\Users\Andrea\Documents\DVDVideoSoft
Ordner Gefunden : C:\Users\Jannik\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Jannik\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Jannik\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Jannik\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\League of Legends\AppData\Local\Conduit
Ordner Gefunden : C:\Users\League of Legends\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\League of Legends\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\League of Legends\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\League of Legends\AppData\Roaming\DVDVideoSoft
Ordner Gefunden : C:\Users\League of Legends\Documents\DVDVideoSoft
Ordner Gefunden : C:\Users\MAtthias Filme\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\MAtthias Filme\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\MAtthias Filme\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\MAtthias Filme\Documents\DVDVideoSoft
Ordner Gefunden : C:\Users\Thomas\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Thomas\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Thomas\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Thomas\Documents\DVDVideoSoft
Ordner Gefunden : C:\Users\Vokabeln\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Vokabeln\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Wiebke\AppData\LocalLow\DVDVideoSoft
Ordner Gefunden : C:\Users\Wiebke\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Wiebke\AppData\LocalLow\Toolbar4

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\DVDVideoSoft
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DA7A0DEE-8D1F-4CE7-87A6-9F61D02FB667}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DVDVideoSoft
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51AD1E70-D4E9-4FCC-8215-7BE056D97465}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E20A84E9-935E-4683-8054-1E0CC60B156A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DA7A0DEE-8D1F-4CE7-87A6-9F61D02FB667}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Schlüssel Gefunden : HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/

*************************

AdwCleaner[R1].txt - [8596 octets] - [13/10/2012 21:23:43]
AdwCleaner[R2].txt - [8527 octets] - [15/10/2012 12:49:30]

########## EOF - C:\AdwCleaner[R2].txt - [8587 octets] ##########
         

16.10.2012, 12:36   #2
cosinus

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of them as well!

If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

16.10.2012, 21:08   #3
daup

Thanks for the reply and the support.
I ran a Malwarebytes scan and found another uninvited "guest" :-(
Nothing reported for ChatZum or Yontoo.

What's the next step?

Malwarebytes log:
Code:
 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Andrea :: ANDREA-PC [Administrator]

16.10.2012 19:52:56
mbam-log-2012-10-16 (19-52-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 710003
Laufzeit: 1 Stunde(n), 47 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Jannik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAXWGU9P\refog_setup_kl_641[1].exe (PUP.Keylogger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
__________________

17.10.2012, 13:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for each scan are also listed in the "Logdateien" (log files) tab. Please post all that are visible there.

Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________
Please always post log files in CODE tags

17.10.2012, 14:14   #5
daup

This was the first and only scan with Malwarebytes so far.


17.10.2012, 16:06   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = consecutive number)


Please also run ESET, after that we'll see what comes next!

Note: ESET quite often shows a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.


ESET Online Scanner

Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box next to Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press the button.
  • The signatures are downloaded. The scan starts automatically.



When the scan has finished

Please press the + R key and copy the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
         
Note: If you are running a 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
         
Now post the contents of log.txt.

Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________

17.10.2012, 21:45   #7
daup

adwcleaner:
Code:
 # AdwCleaner v2.004 - Datei am 17/10/2012 um 18:21:10 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Andrea - ANDREA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andrea\Desktop\Roland\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft
Ordner Gelöscht : C:\Program Files\DVDVideoSoft
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\DVDVideoSoft
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Andrea\AppData\Roaming\DVDVideoSoft
Ordner Gelöscht : C:\Users\Andrea\Documents\DVDVideoSoft
Ordner Gelöscht : C:\Users\Jannik\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Jannik\AppData\LocalLow\DVDVideoSoft
Ordner Gelöscht : C:\Users\Jannik\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Jannik\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\League of Legends\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\League of Legends\AppData\LocalLow\DVDVideoSoft
Ordner Gelöscht : C:\Users\League of Legends\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\League of Legends\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\League of Legends\AppData\Roaming\DVDVideoSoft
Ordner Gelöscht : C:\Users\League of Legends\Documents\DVDVideoSoft
Ordner Gelöscht : C:\Users\MAtthias Filme\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\MAtthias Filme\AppData\LocalLow\DVDVideoSoft
Ordner Gelöscht : C:\Users\MAtthias Filme\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\MAtthias Filme\Documents\DVDVideoSoft
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\DVDVideoSoft
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Thomas\Documents\DVDVideoSoft
Ordner Gelöscht : C:\Users\Vokabeln\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Vokabeln\AppData\LocalLow\DVDVideoSoft
Ordner Gelöscht : C:\Users\Wiebke\AppData\LocalLow\DVDVideoSoft
Ordner Gelöscht : C:\Users\Wiebke\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Wiebke\AppData\LocalLow\Toolbar4

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoft
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoft
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DA7A0DEE-8D1F-4CE7-87A6-9F61D02FB667}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoft
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51AD1E70-D4E9-4FCC-8215-7BE056D97465}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E20A84E9-935E-4683-8054-1E0CC60B156A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DA7A0DEE-8D1F-4CE7-87A6-9F61D02FB667}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [8596 octets] - [13/10/2012 21:23:43]
AdwCleaner[R2].txt - [8656 octets] - [15/10/2012 12:49:30]
AdwCleaner[S1].txt - [8139 octets] - [17/10/2012 18:21:10]

########## EOF - C:\AdwCleaner[S1].txt - [8199 octets] ##########
         
ESET:
Code:
 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e0cb2a6f29b87148b533e572f075eb8a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-17 08:40:29
# local_time=2012-10-17 10:40:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 15494056 15494056 0 0
# compatibility_mode=5893 16776574 100 94 15495027 102122872 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=446327
# found=3
# cleaned=0
# scan_time=13659
C:\Users\Andrea\Desktop\Roland\DownloadAcceleratorSetup.exe	a variant of Win32/InstallCore.AX application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Andrea\Downloads\SoftonicDownloader_fuer_free-download-manager.exe	a variant of Win32/SoftonicDownloader.E application (unable to clean)	00000000000000000000000000000000	I
C:\Users\League of Legends\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\753600e3-37f1813e	multiple threats (unable to clean)	00000000000000000000000000000000	I
         

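For triaging a cleanup log like the AdwCleaner [S1] output posted in #7, the following added example (not part of the thread and not AdwCleaner's own code) parses an excerpt of that log and groups the removed registry entries by CLSID and Internet Explorer load point. The category labels and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the AdwCleaner [S1] log from post #7 (German tool output kept verbatim).
SAMPLE_LOG = r"""
Ordner Gelöscht : C:\Program Files\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files\Yontoo
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DELETED_RE = re.compile(r"^(Ordner|Schlüssel|Wert) Gelöscht : (.+)$")
REPLACED_RE = re.compile(r"^Ersetzt : \[(.+) - (.+?)\] = (\S+) --> (\S+)$")
KIND = {"Ordner": "folder", "Schlüssel": "registry key", "Wert": "registry value"}

# Registry locations seen in the log, most specific first (labels are this example's own).
HOOK_POINTS = [
    ("\\explorer\\browser helper objects\\", "Browser Helper Object"),
    ("\\internet explorer\\urlsearchhooks", "URL search hook"),
    ("\\internet explorer\\toolbar", "IE toolbar"),
    ("\\internet explorer\\searchscopes\\", "Search provider"),
    ("\\internet explorer\\low rights\\elevationpolicy\\", "Elevation policy"),
    ("\\internet explorer\\main", "IE main settings"),
    ("\\currentversion\\ext\\", "Add-on settings/stats"),
    ("\\google\\chrome\\extensions\\", "Chrome extension"),
    ("\\classes\\clsid\\", "COM class registration"),
]
# Locations from which Internet Explorer loads a COM object by CLSID.
LOAD_POINTS = {"Browser Helper Object", "URL search hook", "IE toolbar"}


def classify(path):
    """Map a registry path to the hook-point label it falls under."""
    low = path.lower()
    for needle, label in HOOK_POINTS:
        if needle in low:
            return label
    return "other"


def parse_adwcleaner(text):
    """Turn 'Gelöscht' (deleted) and 'Ersetzt' (replaced) lines into records."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            kind, target = KIND[m.group(1)], m.group(2).strip()
            guid = GUID_RE.search(target)
            entries.append({
                "action": "deleted", "kind": kind, "target": target,
                "guid": guid.group(0).upper() if guid else None,
                "category": "file system" if kind == "folder" else classify(target),
            })
            continue
        m = REPLACED_RE.match(line)
        if m:
            entries.append({
                "action": "replaced", "kind": "registry value",
                "target": m.group(1) + " [" + m.group(2) + "]",
                "guid": None, "category": classify(m.group(1)),
                "old": m.group(3), "new": m.group(4),
            })
    return entries


def hooks_by_guid(entries):
    """CLSID -> sorted list of categories under which it was registered."""
    seen = defaultdict(set)
    for e in entries:
        if e["guid"]:
            seen[e["guid"]].add(e["category"])
    return {g: sorted(c) for g, c in seen.items()}


def multi_hook_components(entries, min_hooks=2):
    """CLSIDs registered at min_hooks or more browser load points."""
    result = {}
    for guid, cats in hooks_by_guid(entries).items():
        active = [c for c in cats if c in LOAD_POINTS]
        if len(active) >= min_hooks:
            result[guid] = active
    return result


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    for guid, points in multi_hook_components(parsed).items():
        print(guid, "->", ", ".join(points))
    for e in parsed:
        if e["action"] == "replaced":
            print("start page reset:", e["old"], "->", e["new"])
```

A CLSID that appears under several load points at once is a single COM component hooked into the browser in several places, so every one of those registrations has to be gone for the removal to hold.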
17.10.2012, 22:10   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we continue (we're not done yet!)

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post log files in CODE tags

18.10.2012, 05:28   #9
daup

- Windows' normal mode works without restrictions
- I did find empty folders:
+ MSXML 4.0
+ Nokia

==> But I'm not missing anything

18.10.2012, 10:04   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run a (new) CustomScan with OTL - post the log from it here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top centre, tick Scanne alle Benutzer (Scan All Users)
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

18.10.2012, 20:49   #11
daup

OTL Scan:
OTL Logfile:
Code:
OTL logfile created on: 18.10.2012 21:22:22 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrea\Desktop\Roland
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,44% Memory free
6,00 Gb Paging File | 4,59 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 67,46 Gb Free Space | 11,71% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,20 Gb Free Space | 16,03% Space Free | Partition Type: FAT32
Drive E: | 1,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.13 21:54:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\Roland\OTL.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.07.31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.07.26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.06.20 18:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.05.23 08:18:11 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\real\realplayer\Update\realsched.exe
PRC - [2012.05.15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.05.15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- C:\Programme\dradio-Recorder\phonostarTimer.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.05.19 15:05:22 | 000,081,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 07:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.10.01 22:23:58 | 000,146,360 | ---- | M] (Panasonic Corporation) -- C:\Programme\Panasonic\PHOTOfunSTUDIO 4.0 HD\AutoStartupService.exe
PRC - [2009.07.14 01:15:34 | 002,222,528 | ---- | M] (Salfeld Computer) -- C:\Windows\System32\cchservice.exe
PRC - [2009.06.19 12:44:12 | 000,285,184 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2009.06.19 12:44:02 | 000,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.01.04 16:26:16 | 000,028,672 | ---- | M] (AVEO) -- C:\Programme\AVEO USB2.0 PC Camera\CamAppSTI.exe
PRC - [2008.07.18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\IGDCTRL.EXE
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.07.02 16:00:00 | 002,748,928 | ---- | M] (Cornelsen Verlag GmbH & Co. oHG) -- C:\Programme\Cornelsen\Kalender\CsKalender.exe
PRC - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.02.19 17:38:46 | 000,160,899 | ---- | M] (JFSoftware) -- C:\Programme\Timerle\Timerle.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.10 20:16:00 | 000,689,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\7ad858343df4d35cd393b6263608a70a\System.Data.SqlServerCe.ni.dll
MOD - [2012.10.10 20:15:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.10.10 20:15:27 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.10.10 20:15:18 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012.10.10 20:15:17 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.10.10 20:15:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.10.10 20:14:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.10.10 20:14:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.10.10 19:42:09 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.10.10 19:42:04 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- C:\Programme\dradio-Recorder\phonostarTimer.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.14 10:47:15 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008.10.20 15:28:44 | 000,045,056 | ---- | M] () -- C:\Programme\AVEO USB2.0 PC Camera\AVEOCamSDK.dll
MOD - [2008.08.27 16:32:36 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.09 11:53:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.05.19 15:05:22 | 000,081,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe -- (avmident)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.25 09:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\System32\ksupmgr.exe -- (ksupmgr)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.01.18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.02.16 18:31:25 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV06.sys -- (ACEDRV06)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 19:25:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.06.17 19:25:26 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.05.29 11:26:18 | 000,076,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV84.sys -- (SSHDRV84)
DRV - [2010.03.15 11:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009.09.08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008.08.25 04:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 19:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv09.sys -- (acedrv09)
DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp09.sys -- (acehlp09)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.02.20 20:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = L:\Filme
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.arcor.de/login/
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\..\SearchScopes,DefaultScope = {D00AE851-0E1E-441E-BFF5-67D19C7B84B5}
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\..\SearchScopes\{CB406FCE-1FFD-42EA-8DFC-CC93D851104F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\..\SearchScopes\{D00AE851-0E1E-441E-BFF5-67D19C7B84B5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE474
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrea\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 08:17:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.07 10:48:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.12 09:51:00 | 000,000,000 | ---D | M]
 
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamAppSTI.exe] C:\Programme\AVEO USB2.0 PC Camera\CamAppSTI.exe (AVEO)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000..\Run: [dradio-RecorderTimer] C:\Programme\dradio-Recorder\phonostarTimer.exe ()
O4 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000..\Run: [Feeds] C:\Windows\System32\oobe\info\FEEDS.bat ()
O4 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000..\Run: [Timerle] C:\Program Files\Timerle\Timerle.exe (JFSoftware)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jannik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\League of Legends\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\League of Legends\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\MAtthias Filme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\MAtthias Filme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Wiebke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Wiebke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2483597853-1551754690-1934621275-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andrea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9875F34-6A0B-4D57-963C-A430B6AA4A44}: NameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.11.12 18:00:43 | 000,000,071 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a8d53147-e8f1-11de-9091-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a8d53147-e8f1-11de-9091-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2008.10.06 09:34:50 | 000,635,696 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Andrea^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: ChicoSys - hkey= - key= -  File not found
MsConfig - StartUpReg: ConnectionCenter - hkey= - key= - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: ksupmgr - C:\Windows\System32\ksupmgr.exe (Salfeld Computer)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ksupmgr - C:\Windows\System32\ksupmgr.exe (Salfeld Computer)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.dvacm - C:\Programme\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.PIM1 - C:\Windows\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.17 18:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.16 19:50:16 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Malwarebytes
[2012.10.16 19:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 19:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 19:49:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.16 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.08 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.10.08 20:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012.10.08 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.10.08 20:39:36 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Winamp
[2012.10.08 20:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.10.05 15:32:19 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\ProtectDisc
[2012.09.30 13:25:36 | 000,244,680 | ---- | C] (Salfeld Computer) -- C:\Windows\System32\wdrvhook.dll
[2012.09.28 11:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
[2012.09.28 11:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Roadkil.Net
[2012.09.24 21:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.09.22 09:21:29 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\DVD_VR
[2012.09.19 16:14:40 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Macromedia
[2012.09.19 07:49:48 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Mozilla
[2012.09.19 07:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.19 07:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.18 21:24:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.10.18 20:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.18 20:34:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.18 18:05:36 | 097,701,046 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.10.18 17:40:30 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000A65.LCS
[2012.10.18 14:34:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.18 11:14:28 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 11:14:28 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 11:12:37 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2012.10.18 11:12:36 | 000,002,471 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1&1 FRITZ!Box starter.lnk
[2012.10.18 11:12:32 | 000,001,200 | ---- | M] () -- C:\Windows\System32\excltmp~.dat
[2012.10.18 11:07:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.18 11:07:10 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.16 19:49:59 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 20:32:26 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.15 20:32:26 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.15 20:32:26 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.15 20:32:26 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.15 19:44:56 | 000,307,193 | ---- | M] () -- C:\Users\Andrea\Desktop\20120823_Protokoll_BaWue_der_Sitzung_am_20120630_in_Stuttgart.pdf
[2012.10.15 19:42:38 | 000,507,624 | ---- | M] () -- C:\Users\Andrea\Desktop\18-Wie ticken Jugendliche 2.0.pdf
[2012.10.14 22:00:47 | 000,001,309 | ---- | M] () -- C:\Windows\System32\cchservice.err
[2012.10.14 21:48:30 | 700,465,148 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.13 20:48:39 | 000,428,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.13 18:32:16 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.08 20:39:58 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.10.08 17:43:24 | 000,001,786 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.10.06 18:50:01 | 000,203,300 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.10.06 15:19:47 | 000,101,420 | ---- | M] () -- C:\Users\Andrea\Documents\Geburtstagseinladung Wiebke 2011.odt
[2012.10.05 16:06:32 | 004,692,959 | ---- | M] () -- C:\Users\Andrea\Desktop\P1060598.JPG
[2012.10.05 16:06:02 | 004,642,136 | ---- | M] () -- C:\Users\Andrea\Desktop\P1060597.JPG
[2012.10.05 15:31:40 | 000,002,073 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cornelsen Kalender.lnk
[2012.10.02 18:04:18 | 000,011,100 | ---- | M] () -- C:\Users\Andrea\Desktop\Arbeitsplan Lima1.ods
[2012.10.01 12:16:36 | 000,000,582 | ---- | M] () -- C:\NET.INI
[2012.09.30 20:14:08 | 000,618,081 | ---- | M] () -- C:\Users\Andrea\Desktop\Einladung.pdf
[2012.09.30 18:28:45 | 000,053,617 | ---- | M] () -- C:\Users\Andrea\Desktop\Auto wert Ulrich.JPG
[2012.09.26 18:24:48 | 000,066,048 | ---- | M] () -- C:\Users\Andrea\Desktop\Frauenfreizeit_2012_Themen[1].aww
[2012.09.26 17:22:33 | 005,877,367 | ---- | M] () -- C:\Users\Andrea\Desktop\P1060525.JPG
[2012.09.25 22:40:54 | 000,061,925 | ---- | M] () -- C:\Users\Andrea\Desktop\perlhuhn2.JPG
[2012.09.25 22:30:19 | 000,079,088 | ---- | M] () -- C:\Users\Andrea\Desktop\Keramik_Perlhuhn_810.jpg
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.16 19:49:59 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 20:31:25 | 000,307,193 | ---- | C] () -- C:\Users\Andrea\Desktop\20120823_Protokoll_BaWue_der_Sitzung_am_20120630_in_Stuttgart.pdf
[2012.10.15 20:31:19 | 000,507,624 | ---- | C] () -- C:\Users\Andrea\Desktop\18-Wie ticken Jugendliche 2.0.pdf
[2012.10.14 08:49:25 | 700,465,148 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.13 20:59:23 | 000,001,417 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.13 20:48:26 | 000,428,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.08 20:39:58 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.10.06 18:06:50 | 004,642,136 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060597.JPG
[2012.10.06 18:06:39 | 004,692,959 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060598.JPG
[2012.10.06 15:19:45 | 000,101,420 | ---- | C] () -- C:\Users\Andrea\Documents\Geburtstagseinladung Wiebke 2011.odt
[2012.10.05 15:32:20 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000A65.LCS
[2012.10.05 15:31:40 | 000,002,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cornelsen Kalender.lnk
[2012.10.02 18:04:10 | 000,011,100 | ---- | C] () -- C:\Users\Andrea\Desktop\Arbeitsplan Lima1.ods
[2012.10.01 10:35:01 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1&1 FRITZ!Box starter.lnk
[2012.10.01 10:35:01 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2012.09.30 20:14:05 | 000,618,081 | ---- | C] () -- C:\Users\Andrea\Desktop\Einladung.pdf
[2012.09.30 18:28:45 | 000,053,617 | ---- | C] () -- C:\Users\Andrea\Desktop\Auto wert Ulrich.JPG
[2012.09.26 18:24:47 | 000,066,048 | ---- | C] () -- C:\Users\Andrea\Desktop\Frauenfreizeit_2012_Themen[1].aww
[2012.09.26 06:40:18 | 006,804,499 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060526.JPG
[2012.09.26 06:40:18 | 005,877,367 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060525.JPG
[2012.09.26 06:39:25 | 006,993,253 | ---- | C] () -- C:\Users\Andrea\Desktop\P1060527.JPG
[2012.09.25 22:40:53 | 000,061,925 | ---- | C] () -- C:\Users\Andrea\Desktop\perlhuhn2.JPG
[2012.09.25 22:39:40 | 000,079,088 | ---- | C] () -- C:\Users\Andrea\Desktop\Keramik_Perlhuhn_810.jpg
[2012.09.19 16:14:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.07 12:05:54 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.04 10:15:36 | 000,000,582 | ---- | C] () -- C:\Windows\wiso.ini
[2011.12.07 19:09:54 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2011.12.07 19:09:54 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2011.12.07 19:09:54 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2011.12.07 19:09:54 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2011.12.07 19:09:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.12.07 19:05:47 | 000,001,360 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.09.21 21:33:58 | 000,000,296 | ---- | C] () -- C:\Windows\{EF79E2B2-35E7-431B-A51F-8B507F9C647D}_WiseFW.ini
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.05.31 17:36:37 | 000,155,536 | ---- | C] () -- C:\Windows\System32\dllcinx.exe
[2011.05.31 17:36:36 | 000,000,600 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2011.03.15 10:36:08 | 000,001,200 | ---- | C] () -- C:\Windows\System32\excltmp~.dat
[2011.03.15 10:34:44 | 000,000,179 | ---- | C] () -- C:\Windows\System32\SWCTL.DLL
[2011.03.15 10:34:44 | 000,000,141 | -H-- | C] () -- C:\Windows\System32\ctlsw.ini
[2011.03.15 10:34:42 | 000,009,368 | ---- | C] () -- C:\Windows\System32\drivers\mchccinj.sys.VIRUS
[2010.12.07 20:26:10 | 000,000,342 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\wklnhst.dat
[2010.03.29 19:43:57 | 000,000,155 | ---- | C] () -- C:\Users\Andrea\.appletviewer
[2010.03.12 10:14:48 | 000,000,673 | ---- | C] () -- C:\Users\Andrea\Andrea - Verknüpfung.lnk
[2010.02.12 14:34:42 | 000,010,240 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.08 22:27:52 | 000,001,786 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.01.08 22:07:23 | 000,000,680 | RHS- | C] () -- C:\Users\Andrea\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.02.26 21:02:01 | 000,000,000 | -HSD | M] -- C:\Users\Andrea\AppData\Roaming\.#
[2012.09.27 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Audacity
[2012.04.21 10:43:08 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\AVG2012
[2012.01.04 10:15:39 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Buhl Data Service
[2012.04.10 10:09:25 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\cerasus.media
[2012.10.05 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Cornelsen
[2010.10.29 23:07:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Der Planer 4
[2011.02.01 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.04 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Free Download Manager
[2012.01.20 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\FRITZ!
[2010.11.20 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\GetRightToGo
[2010.05.28 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Haufe
[2010.03.29 21:19:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ICAClient
[2010.01.21 09:07:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Lexware
[2012.02.22 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\LolClient
[2012.05.28 09:48:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\LolClient2
[2010.01.21 12:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\OpenOffice.org
[2011.10.27 12:07:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\phonostar GmbH
[2012.10.05 15:32:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ProtectDisc
[2012.09.07 12:06:02 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Salfeld
[2010.05.30 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\saveTV
[2010.12.07 20:26:11 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Template
[2011.05.16 14:09:59 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Timerle
[2010.09.28 20:56:05 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Ulead Systems
[2011.03.12 14:06:16 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Wildlife Park 2
[2012.04.25 12:38:44 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\AVG2012
[2012.05.16 19:05:35 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\cerasus.media
[2012.07.05 17:24:58 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Cornelsen
[2010.11.04 16:01:26 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\ICAClient
[2010.11.04 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Lexware
[2010.11.04 16:01:56 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\OpenOffice.org
[2012.09.09 15:03:18 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Salfeld
[2011.11.02 10:46:26 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Timerle
[2012.04.29 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\Jannik\AppData\Roaming\Wildlife Park 2
[2012.05.02 17:08:45 | 000,000,000 | -HSD | M] -- C:\Users\League of Legends\AppData\Roaming\.#
[2012.05.02 17:08:00 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012.09.06 12:00:11 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\Audacity
[2012.04.21 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\AVG2012
[2012.07.05 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\Cornelsen
[2012.02.20 09:40:20 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\ICAClient
[2012.02.20 09:40:19 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\Lexware
[2012.02.20 11:23:40 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\LolClient
[2012.05.24 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\LolClient2
[2012.03.05 15:05:27 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\OpenOffice.org
[2012.09.10 13:46:06 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\Salfeld
[2012.02.23 09:03:50 | 000,000,000 | ---D | M] -- C:\Users\League of Legends\AppData\Roaming\Timerle
[2012.04.21 21:31:00 | 000,000,000 | ---D | M] -- C:\Users\MAtthias Filme\AppData\Roaming\AVG2012
[2012.07.06 15:51:00 | 000,000,000 | ---D | M] -- C:\Users\MAtthias Filme\AppData\Roaming\Cornelsen
[2010.11.21 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\MAtthias Filme\AppData\Roaming\ICAClient
[2010.11.21 17:22:04 | 000,000,000 | ---D | M] -- C:\Users\MAtthias Filme\AppData\Roaming\Lexware
[2012.05.17 17:47:35 | 000,000,000 | ---D | M] -- C:\Users\MAtthias Filme\AppData\Roaming\LolClient
[2011.03.30 12:38:13 | 000,000,000 | ---D | M] -- C:\Users\MAtthias Filme\AppData\Roaming\OpenOffice.org
[2012.04.26 19:37:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\AVG2012
[2010.06.15 20:04:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICAClient
[2010.06.15 20:04:38 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Lexware
[2011.03.01 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2011.10.05 14:35:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Timerle
[2011.03.15 16:14:37 | 000,000,000 | ---D | M] -- C:\Users\Vokabeln\AppData\Roaming\ICAClient
[2011.03.15 16:14:55 | 000,000,000 | ---D | M] -- C:\Users\Vokabeln\AppData\Roaming\Lexware
[2012.04.25 12:37:29 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\AVG2012
[2012.04.06 16:33:37 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\cerasus.media
[2012.10.12 16:17:56 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\Cornelsen
[2011.04.17 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\Haufe Mediengruppe
[2011.03.15 11:17:33 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\ICAClient
[2011.03.15 11:17:44 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\Lexware
[2012.07.01 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\OpenOffice.org
[2012.10.12 16:17:25 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\ProtectDisc
[2012.09.07 12:14:08 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\Salfeld
[2012.08.12 15:51:22 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\Timerle
[2011.03.21 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Wiebke\AppData\Roaming\Wildlife Park 2
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.26 21:02:01 | 000,000,000 | -HSD | M] -- C:\Users\Andrea\AppData\Roaming\.#
[2012.01.20 23:22:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Adobe
[2012.08.16 18:22:18 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Apple Computer
[2012.07.07 10:48:43 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ArcSoft
[2012.09.27 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Audacity
[2012.04.21 10:43:08 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\AVG2012
[2012.01.04 10:15:39 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Buhl Data Service
[2012.04.10 10:09:25 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\cerasus.media
[2010.06.08 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Corel
[2012.10.08 18:23:47 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\CorelHomeOffice
[2012.10.05 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Cornelsen
[2012.04.19 19:40:28 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\CyberLink
[2010.10.29 23:07:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Der Planer 4
[2012.09.18 11:58:59 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\DivX
[2011.02.01 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.04 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Free Download Manager
[2012.01.20 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\FRITZ!
[2010.11.20 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\GetRightToGo
[2010.05.28 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Haufe
[2010.03.29 21:19:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ICAClient
[2010.01.13 16:14:46 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Identities
[2010.01.09 17:17:58 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\InstallShield
[2010.01.21 09:07:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Lexware
[2012.02.22 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\LolClient
[2012.05.28 09:48:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\LolClient2
[2009.12.14 23:04:09 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Macromedia
[2012.10.16 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Media Center Programs
[2011.12.31 18:41:35 | 000,000,000 | --SD | M] -- C:\Users\Andrea\AppData\Roaming\Microsoft
[2012.06.21 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\NVIDIA
[2010.01.21 12:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\OpenOffice.org
[2011.10.27 12:07:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\phonostar GmbH
[2012.10.05 15:32:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ProtectDisc
[2012.09.29 13:26:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Real
[2012.09.07 12:06:02 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Salfeld
[2010.05.30 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\saveTV
[2010.01.08 21:45:38 | 000,000,000 | RH-D | M] -- C:\Users\Andrea\AppData\Roaming\SecuROM
[2012.10.18 21:21:56 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Skype
[2010.12.07 20:26:11 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Template
[2011.05.16 14:09:59 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Timerle
[2010.09.28 20:56:05 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Ulead Systems
[2011.03.12 14:06:16 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Wildlife Park 2
[2012.10.13 18:33:06 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2011.11.16 19:17:24 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Andrea\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2011.05.16 20:21:52 | 000,010,134 | R--- | M] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
[2011.05.16 20:21:52 | 000,008,854 | R--- | M] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
[2011.05.16 20:21:52 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Andrea\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
[2011.02.20 19:01:12 | 000,003,262 | R--- | M] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Installer\{F8151A23-1B3D-4D6E-9904-30D279AABB47}\Icon.exe
[2012.06.02 23:03:04 | 014,637,448 | ---- | M] (                                                            ) -- C:\Users\Andrea\AppData\Roaming\phonostar GmbH\dradio-Recorder\update.exe
[2012.09.29 13:26:26 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Andrea\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
[2012.09.29 13:26:26 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Andrea\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
[2012.05.28 09:40:32 | 000,031,232 | ---- | M] () -- C:\Alice.exe
[2012.08.30 01:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.05.15 16:17:02 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=18312FA8B6AAEC330A2A9483A77FF650 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 4.0 HD\HDWTools\EventLog.dll
[2009.09.16 14:07:32 | 000,043,008 | ---- | M] (Panasonic Corporation) MD5=251525E2648747393DC5180B5ABDD762 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 4.0 HD\Core\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.08.18 19:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\nvstor32.sys
[2008.08.18 19:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys
[2008.08.18 19:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_b900095f3aa53048\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
--- --- ---

18.10.2012, 21:13   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks fairly unremarkable.

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log, or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

__________________
Please always post log files in CODE tags

19.10.2012, 17:27   #13
daup
 



Log from TDSS:

For all 5 files, Virustotal reported: Detection ratio: 0/(39-44)


Code:
18:23:30.0903 5636  SetPrivileges failed!
18:23:30.0903 5636  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:23:32.0904 5636  ============================================================
18:23:32.0904 5636  Current date / time: 2012/10/19 18:23:32.0904
18:23:32.0904 5636  SystemInfo:
18:23:32.0904 5636  
18:23:32.0904 5636  OS Version: 6.1.7601 ServicePack: 1.0
18:23:32.0904 5636  Product type: Workstation
18:23:32.0905 5636  ComputerName: ANDREA-PC
18:23:32.0905 5636  UserName: Andrea
18:23:32.0905 5636  Windows directory: C:\Windows
18:23:32.0905 5636  System windows directory: C:\Windows
18:23:32.0905 5636  Processor architecture: Intel x86
18:23:32.0905 5636  Number of processors: 4
18:23:32.0905 5636  Page size: 0x1000
18:23:32.0905 5636  Boot type: Normal boot
18:23:32.0905 5636  ============================================================
18:23:33.0274 5636  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:23:33.0303 5636  ============================================================
18:23:33.0303 5636  \Device\Harddisk0\DR0:
18:23:33.0304 5636  MBR partitions:
18:23:33.0304 5636  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48056800
18:23:33.0322 5636  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x48057800, BlocksNum 0x2800000
18:23:33.0322 5636  ============================================================
18:23:33.0355 5636  C: <-> \Device\Harddisk0\DR0\Partition1
18:23:33.0380 5636  D: <-> \Device\Harddisk0\DR0\Partition2
18:23:33.0381 5636  ============================================================
18:23:33.0381 5636  Initialize success
18:23:33.0381 5636  ============================================================
18:23:54.0067 4064  ============================================================
18:23:54.0067 4064  Scan started
18:23:54.0067 4064  Mode: Manual; SigCheck; TDLFS; 
18:23:54.0067 4064  ============================================================
18:23:54.0277 4064  ================ Scan system memory ========================
18:23:54.0277 4064  System memory - ok
18:23:54.0278 4064  ================ Scan services =============================
18:23:54.0436 4064  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:23:54.0562 4064  1394ohci - ok
18:23:54.0644 4064  [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:23:54.0658 4064  ACDaemon - ok
18:23:54.0728 4064  [ 44010948BDE6ADE50DD1386657C73E83 ] ACEDRV06        C:\Windows\system32\drivers\ACEDRV06.sys
18:23:54.0758 4064  ACEDRV06 ( UnsignedFile.Multi.Generic ) - warning
18:23:54.0758 4064  ACEDRV06 - detected UnsignedFile.Multi.Generic (1)
18:23:54.0830 4064  [ BD4E8C841716D5F2804CE000CFE61524 ] acedrv09        C:\Windows\system32\drivers\acedrv09.sys
18:23:54.0845 4064  acedrv09 - ok
18:23:54.0908 4064  [ 7B19E528F2F40524E2C40F754A571EB8 ] acehlp09        C:\Windows\system32\drivers\acehlp09.sys
18:23:54.0918 4064  acehlp09 - ok
18:23:54.0964 4064  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:23:54.0977 4064  ACPI - ok
18:23:55.0013 4064  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:23:55.0078 4064  AcpiPmi - ok
18:23:55.0170 4064  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:23:55.0182 4064  AdobeFlashPlayerUpdateSvc - ok
18:23:55.0222 4064  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:23:55.0240 4064  adp94xx - ok
18:23:55.0249 4064  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:23:55.0265 4064  adpahci - ok
18:23:55.0285 4064  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:23:55.0297 4064  adpu320 - ok
18:23:55.0335 4064  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:23:55.0380 4064  AeLookupSvc - ok
18:23:55.0410 4064  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc             C:\Windows\system32\drivers\Afc.sys
18:23:55.0418 4064  Afc - ok
18:23:55.0468 4064  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
18:23:55.0517 4064  AFD - ok
18:23:55.0549 4064  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
18:23:55.0560 4064  agp440 - ok
18:23:55.0588 4064  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
18:23:55.0599 4064  aic78xx - ok
18:23:55.0629 4064  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
18:23:55.0653 4064  ALG - ok
18:23:55.0700 4064  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:23:55.0710 4064  aliide - ok
18:23:55.0763 4064  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:23:55.0774 4064  amdagp - ok
18:23:55.0791 4064  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:23:55.0802 4064  amdide - ok
18:23:55.0814 4064  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:23:55.0844 4064  AmdK8 - ok
18:23:55.0859 4064  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:23:55.0892 4064  AmdPPM - ok
18:23:55.0919 4064  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:23:55.0931 4064  amdsata - ok
18:23:55.0948 4064  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:23:55.0961 4064  amdsbs - ok
18:23:55.0982 4064  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:23:55.0993 4064  amdxata - ok
18:23:56.0032 4064  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
18:23:56.0055 4064  AppID - ok
18:23:56.0075 4064  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:23:56.0117 4064  AppIDSvc - ok
18:23:56.0155 4064  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
18:23:56.0194 4064  Appinfo - ok
18:23:56.0242 4064  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:23:56.0251 4064  Apple Mobile Device - ok
18:23:56.0274 4064  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:23:56.0285 4064  arc - ok
18:23:56.0297 4064  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:23:56.0309 4064  arcsas - ok
18:23:56.0337 4064  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:23:56.0436 4064  AsyncMac - ok
18:23:56.0492 4064  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
18:23:56.0502 4064  atapi - ok
18:23:56.0542 4064  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
18:23:56.0554 4064  atksgt - ok
18:23:56.0607 4064  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:23:56.0634 4064  AudioEndpointBuilder - ok
18:23:56.0652 4064  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:23:56.0679 4064  Audiosrv - ok
18:23:56.0727 4064  [ 5B0DD6940188900A4F2681092EFEA6D2 ] AVEO            C:\Windows\system32\DRIVERS\AVEOdcnt.sys
18:23:56.0751 4064  AVEO ( UnsignedFile.Multi.Generic ) - warning
18:23:56.0751 4064  AVEO - detected UnsignedFile.Multi.Generic (1)
18:23:56.0932 4064  [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent     C:\Program Files\AVG\AVG2012\avgidsagent.exe
18:23:57.0010 4064  AVGIDSAgent - ok
18:23:57.0068 4064  [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
18:23:57.0077 4064  AVGIDSDriver - ok
18:23:57.0122 4064  [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter    C:\Windows\system32\DRIVERS\avgidsfilterx.sys
18:23:57.0129 4064  AVGIDSFilter - ok
18:23:57.0178 4064  [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
18:23:57.0186 4064  AVGIDSHX - ok
18:23:57.0242 4064  [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
18:23:57.0249 4064  AVGIDSShim - ok
18:23:57.0285 4064  [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
18:23:57.0297 4064  Avgldx86 - ok
18:23:57.0340 4064  [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
18:23:57.0348 4064  Avgmfx86 - ok
18:23:57.0390 4064  [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
18:23:57.0398 4064  Avgrkx86 - ok
18:23:57.0420 4064  [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
18:23:57.0432 4064  Avgtdix - ok
18:23:57.0474 4064  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files\AVG\AVG2012\avgwdsvc.exe
18:23:57.0484 4064  avgwd - ok
18:23:57.0527 4064  [ C51101FC4C4AAB3AF977864A65266DBB ] avmident        C:\Program Files\FRITZ!Box-Kindersicherung\avmident.exe
18:23:57.0535 4064  avmident - ok
18:23:57.0580 4064  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:23:57.0640 4064  AxInstSV - ok
18:23:57.0677 4064  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
18:23:57.0731 4064  b06bdrv - ok
18:23:57.0755 4064  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
18:23:57.0785 4064  b57nd60x - ok
18:23:57.0823 4064  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:23:57.0872 4064  BDESVC - ok
18:23:57.0886 4064  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:23:57.0921 4064  Beep - ok
18:23:57.0977 4064  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
18:23:58.0026 4064  BFE - ok
18:23:58.0069 4064  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\Windows\System32\bgsvcgen.exe
18:23:58.0079 4064  bgsvcgen - ok
18:23:58.0115 4064  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
18:23:58.0159 4064  BITS - ok
18:23:58.0181 4064  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:23:58.0193 4064  blbdrive - ok
18:23:58.0263 4064  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:23:58.0274 4064  Bonjour Service - ok
18:23:58.0313 4064  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:23:58.0340 4064  bowser - ok
18:23:58.0359 4064  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:23:58.0406 4064  BrFiltLo - ok
18:23:58.0421 4064  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:23:58.0455 4064  BrFiltUp - ok
18:23:58.0501 4064  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
18:23:58.0519 4064  Browser - ok
18:23:58.0540 4064  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:23:58.0590 4064  Brserid - ok
18:23:58.0604 4064  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:23:58.0633 4064  BrSerWdm - ok
18:23:58.0659 4064  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:23:58.0691 4064  BrUsbMdm - ok
18:23:58.0733 4064  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:23:58.0761 4064  BrUsbSer - ok
18:23:58.0785 4064  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:23:58.0817 4064  BTHMODEM - ok
18:23:58.0866 4064  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
18:23:58.0911 4064  bthserv - ok
18:23:58.0941 4064  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:23:58.0979 4064  cdfs - ok
18:23:59.0026 4064  [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv        C:\Windows\system32\drivers\cdrbsdrv.sys
18:23:59.0052 4064  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
18:23:59.0052 4064  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
18:23:59.0107 4064  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:23:59.0133 4064  cdrom - ok
18:23:59.0184 4064  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:23:59.0220 4064  CertPropSvc - ok
18:23:59.0242 4064  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:23:59.0268 4064  circlass - ok
18:23:59.0292 4064  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
18:23:59.0305 4064  CLFS - ok
18:23:59.0370 4064  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:23:59.0381 4064  clr_optimization_v2.0.50727_32 - ok
18:23:59.0469 4064  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:23:59.0480 4064  clr_optimization_v4.0.30319_32 - ok
18:23:59.0500 4064  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:23:59.0528 4064  CmBatt - ok
18:23:59.0554 4064  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:23:59.0564 4064  cmdide - ok
18:23:59.0604 4064  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:23:59.0624 4064  CNG - ok
18:23:59.0639 4064  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:23:59.0650 4064  Compbatt - ok
18:23:59.0686 4064  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:23:59.0699 4064  CompositeBus - ok
18:23:59.0708 4064  COMSysApp - ok
18:23:59.0728 4064  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:23:59.0738 4064  crcdisk - ok
18:23:59.0773 4064  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:23:59.0819 4064  CryptSvc - ok
18:23:59.0850 4064  [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
18:23:59.0859 4064  ctxusbm - ok
18:23:59.0906 4064  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:23:59.0954 4064  DcomLaunch - ok
18:23:59.0992 4064  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:24:00.0039 4064  defragsvc - ok
18:24:00.0068 4064  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:24:00.0110 4064  DfsC - ok
18:24:00.0162 4064  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:24:00.0207 4064  Dhcp - ok
18:24:00.0232 4064  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
18:24:00.0255 4064  discache - ok
18:24:00.0291 4064  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:24:00.0302 4064  Disk - ok
18:24:00.0343 4064  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:24:00.0383 4064  Dnscache - ok
18:24:00.0424 4064  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:24:00.0448 4064  dot3svc - ok
18:24:00.0485 4064  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
18:24:00.0526 4064  DPS - ok
18:24:00.0582 4064  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:24:00.0594 4064  drmkaud - ok
18:24:00.0648 4064  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:24:00.0668 4064  DXGKrnl - ok
18:24:00.0691 4064  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
18:24:00.0733 4064  EapHost - ok
18:24:00.0806 4064  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
18:24:00.0908 4064  ebdrv - ok
18:24:00.0944 4064  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
18:24:00.0956 4064  EFS - ok
18:24:01.0009 4064  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:24:01.0061 4064  ehRecvr - ok
18:24:01.0089 4064  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
18:24:01.0138 4064  ehSched - ok
18:24:01.0167 4064  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:24:01.0185 4064  elxstor - ok
18:24:01.0221 4064  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:24:01.0247 4064  ErrDev - ok
18:24:01.0290 4064  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
18:24:01.0315 4064  EventSystem - ok
18:24:01.0332 4064  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
18:24:01.0371 4064  exfat - ok
18:24:01.0392 4064  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:24:01.0436 4064  fastfat - ok
18:24:01.0491 4064  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
18:24:01.0546 4064  Fax - ok
18:24:01.0575 4064  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:24:01.0587 4064  fdc - ok
18:24:01.0602 4064  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
18:24:01.0638 4064  fdPHost - ok
18:24:01.0662 4064  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
18:24:01.0685 4064  FDResPub - ok
18:24:01.0701 4064  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:24:01.0711 4064  FileInfo - ok
18:24:01.0728 4064  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:24:01.0770 4064  Filetrace - ok
18:24:01.0796 4064  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:24:01.0821 4064  flpydisk - ok
18:24:01.0855 4064  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:24:01.0868 4064  FltMgr - ok
18:24:01.0911 4064  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
18:24:01.0973 4064  FontCache - ok
18:24:02.0038 4064  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:24:02.0047 4064  FontCache3.0.0.0 - ok
18:24:02.0066 4064  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:24:02.0077 4064  FsDepends - ok
18:24:02.0096 4064  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:24:02.0107 4064  Fs_Rec - ok
18:24:02.0153 4064  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:24:02.0168 4064  fvevol - ok
18:24:02.0192 4064  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:24:02.0204 4064  gagp30kx - ok
18:24:02.0252 4064  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:24:02.0263 4064  GEARAspiWDM - ok
18:24:02.0340 4064  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:24:02.0385 4064  gpsvc - ok
18:24:02.0480 4064  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:24:02.0489 4064  gupdate - ok
18:24:02.0525 4064  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:24:02.0533 4064  gupdatem - ok
18:24:02.0547 4064  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:24:02.0592 4064  hcw85cir - ok
18:24:02.0623 4064  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:24:02.0653 4064  HDAudBus - ok
18:24:02.0672 4064  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:24:02.0700 4064  HidBatt - ok
18:24:02.0728 4064  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:24:02.0762 4064  HidBth - ok
18:24:02.0790 4064  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:24:02.0823 4064  HidIr - ok
18:24:02.0847 4064  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
18:24:02.0884 4064  hidserv - ok
18:24:02.0933 4064  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:24:02.0964 4064  HidUsb - ok
18:24:03.0001 4064  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:24:03.0045 4064  hkmsvc - ok
18:24:03.0077 4064  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:24:03.0099 4064  HomeGroupListener - ok
18:24:03.0142 4064  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:24:03.0172 4064  HomeGroupProvider - ok
18:24:03.0201 4064  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:24:03.0212 4064  HpSAMD - ok
18:24:03.0263 4064  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:24:03.0289 4064  HTTP - ok
18:24:03.0328 4064  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:24:03.0338 4064  hwpolicy - ok
18:24:03.0383 4064  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:24:03.0413 4064  i8042prt - ok
18:24:03.0478 4064  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:24:03.0494 4064  iaStorV - ok
18:24:03.0559 4064  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:24:03.0563 4064  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:24:03.0563 4064  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:24:03.0619 4064  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:24:03.0658 4064  idsvc - ok
18:24:03.0751 4064  [ 62DD2F604DD1571C4E32D480DB2AB99A ] IGDCTRL         C:\Program Files\1&1\IGDCTRL.EXE
18:24:03.0759 4064  IGDCTRL - ok
18:24:03.0798 4064  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:24:03.0809 4064  iirsp - ok
18:24:03.0865 4064  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:24:03.0929 4064  IKEEXT - ok
18:24:04.0011 4064  [ E345EC27C8DFF8728F5C6F0413699DC5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:24:04.0056 4064  IntcAzAudAddService - ok
18:24:04.0086 4064  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:24:04.0097 4064  intelide - ok
18:24:04.0111 4064  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:24:04.0135 4064  intelppm - ok
18:24:04.0160 4064  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:24:04.0196 4064  IPBusEnum - ok
18:24:04.0214 4064  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:24:04.0259 4064  IpFilterDriver - ok
18:24:04.0307 4064  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:24:04.0350 4064  iphlpsvc - ok
18:24:04.0385 4064  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:24:04.0418 4064  IPMIDRV - ok
18:24:04.0444 4064  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:24:04.0468 4064  IPNAT - ok
18:24:04.0520 4064  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:24:04.0539 4064  iPod Service - ok
18:24:04.0565 4064  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:24:04.0617 4064  IRENUM - ok
18:24:04.0631 4064  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:24:04.0642 4064  isapnp - ok
18:24:04.0682 4064  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:24:04.0696 4064  iScsiPrt - ok
18:24:04.0727 4064  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:24:04.0738 4064  kbdclass - ok
18:24:04.0748 4064  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:24:04.0774 4064  kbdhid - ok
18:24:04.0800 4064  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
18:24:04.0811 4064  KeyIso - ok
18:24:04.0841 4064  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:24:04.0852 4064  KSecDD - ok
18:24:04.0893 4064  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:24:04.0905 4064  KSecPkg - ok
18:24:04.0946 4064  [ 3CA4073A107B42828732088957960643 ] ksupmgr         C:\Windows\system32\ksupmgr.exe
18:24:04.0965 4064  ksupmgr - ok
18:24:04.0995 4064  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:24:05.0041 4064  KtmRm - ok
18:24:05.0071 4064  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:24:05.0114 4064  LanmanServer - ok
18:24:05.0159 4064  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:24:05.0204 4064  LanmanWorkstation - ok
18:24:05.0264 4064  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
18:24:05.0272 4064  lirsgt - ok
18:24:05.0313 4064  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:24:05.0336 4064  lltdio - ok
18:24:05.0366 4064  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:24:05.0404 4064  lltdsvc - ok
18:24:05.0431 4064  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:24:05.0465 4064  lmhosts - ok
18:24:05.0510 4064  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:24:05.0522 4064  LSI_FC - ok
18:24:05.0536 4064  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:24:05.0547 4064  LSI_SAS - ok
18:24:05.0558 4064  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:24:05.0569 4064  LSI_SAS2 - ok
18:24:05.0583 4064  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:24:05.0595 4064  LSI_SCSI - ok
18:24:05.0613 4064  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
18:24:05.0654 4064  luafv - ok
18:24:05.0718 4064  [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
18:24:05.0732 4064  LVRS - ok
18:24:05.0848 4064  [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
18:24:05.0984 4064  LVUVC - ok
18:24:06.0019 4064  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:24:06.0033 4064  Mcx2Svc - ok
18:24:06.0047 4064  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:24:06.0058 4064  megasas - ok
18:24:06.0075 4064  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:24:06.0090 4064  MegaSR - ok
18:24:06.0122 4064  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
18:24:06.0168 4064  MMCSS - ok
18:24:06.0190 4064  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
18:24:06.0231 4064  Modem - ok
18:24:06.0255 4064  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:24:06.0282 4064  monitor - ok
18:24:06.0316 4064  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
18:24:06.0326 4064  mouclass - ok
18:24:06.0360 4064  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:24:06.0371 4064  mouhid - ok
18:24:06.0408 4064  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:24:06.0419 4064  mountmgr - ok
18:24:06.0437 4064  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:24:06.0449 4064  mpio - ok
18:24:06.0470 4064  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:24:06.0513 4064  mpsdrv - ok
18:24:06.0549 4064  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:24:06.0591 4064  MpsSvc - ok
18:24:06.0625 4064  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:24:06.0639 4064  MRxDAV - ok
18:24:06.0681 4064  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:24:06.0727 4064  mrxsmb - ok
18:24:06.0761 4064  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:24:06.0789 4064  mrxsmb10 - ok
18:24:06.0812 4064  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:24:06.0823 4064  mrxsmb20 - ok
18:24:06.0834 4064  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
18:24:06.0845 4064  msahci - ok
18:24:06.0884 4064  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:24:06.0896 4064  msdsm - ok
18:24:06.0911 4064  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
18:24:06.0939 4064  MSDTC - ok
18:24:06.0976 4064  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:24:07.0012 4064  Msfs - ok
18:24:07.0029 4064  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:24:07.0052 4064  mshidkmdf - ok
18:24:07.0088 4064  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:24:07.0098 4064  msisadrv - ok
18:24:07.0135 4064  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:24:07.0159 4064  MSiSCSI - ok
18:24:07.0164 4064  msiserver - ok
18:24:07.0194 4064  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:24:07.0236 4064  MSKSSRV - ok
18:24:07.0259 4064  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:24:07.0283 4064  MSPCLOCK - ok
18:24:07.0292 4064  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:24:07.0316 4064  MSPQM - ok
18:24:07.0333 4064  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:24:07.0345 4064  MsRPC - ok
18:24:07.0359 4064  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:24:07.0369 4064  mssmbios - ok
18:24:07.0383 4064  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:24:07.0407 4064  MSTEE - ok
18:24:07.0442 4064  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:24:07.0467 4064  MTConfig - ok
18:24:07.0491 4064  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:24:07.0502 4064  Mup - ok
18:24:07.0545 4064  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
18:24:07.0588 4064  napagent - ok
18:24:07.0624 4064  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:24:07.0659 4064  NativeWifiP - ok
18:24:07.0706 4064  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:24:07.0726 4064  NDIS - ok
18:24:07.0742 4064  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:24:07.0766 4064  NdisCap - ok
18:24:07.0786 4064  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:24:07.0808 4064  NdisTapi - ok
18:24:07.0846 4064  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:24:07.0882 4064  Ndisuio - ok
18:24:07.0921 4064  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:24:07.0944 4064  NdisWan - ok
18:24:07.0986 4064  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:24:08.0028 4064  NDProxy - ok
18:24:08.0054 4064  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:24:08.0097 4064  NetBIOS - ok
18:24:08.0133 4064  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:24:08.0169 4064  NetBT - ok
18:24:08.0189 4064  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
18:24:08.0200 4064  Netlogon - ok
18:24:08.0238 4064  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
18:24:08.0265 4064  Netman - ok
18:24:08.0283 4064  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
18:24:08.0311 4064  netprofm - ok
18:24:08.0347 4064  [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
18:24:08.0381 4064  netr28u - ok
18:24:08.0416 4064  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:24:08.0426 4064  NetTcpPortSharing - ok
18:24:08.0457 4064  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:24:08.0468 4064  nfrd960 - ok
18:24:08.0509 4064  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:24:08.0551 4064  NlaSvc - ok
18:24:08.0576 4064  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:24:08.0622 4064  Npfs - ok
18:24:08.0645 4064  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
18:24:08.0670 4064  nsi - ok
18:24:08.0705 4064  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:24:08.0745 4064  nsiproxy - ok
18:24:08.0809 4064  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:24:08.0837 4064  Ntfs - ok
18:24:08.0852 4064  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
18:24:08.0874 4064  Null - ok
18:24:08.0906 4064  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
18:24:08.0922 4064  NVENETFD - ok
18:24:08.0970 4064  [ A0A9E53B4AAC3C6534A063ABA69BC19F ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
18:24:08.0980 4064  NVHDA - ok
18:24:09.0244 4064  [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:24:09.0409 4064  nvlddmkm - ok
18:24:09.0437 4064  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:24:09.0449 4064  nvraid - ok
18:24:09.0454 4064  [ AF1BD777AF00E96C45C77192D7453369 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
18:24:09.0487 4064  nvsmu - ok
18:24:09.0526 4064  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:24:09.0538 4064  nvstor - ok
18:24:09.0564 4064  [ 8EE374B6FB3CB2BB8D70395218B464A5 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
18:24:09.0574 4064  nvstor32 - ok
18:24:09.0613 4064  [ 782945716AD010AC3D41758E8E52C735 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:24:09.0631 4064  nvsvc - ok
18:24:09.0724 4064  [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:24:09.0772 4064  nvUpdatusService - ok
18:24:09.0789 4064  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:24:09.0801 4064  nv_agp - ok
18:24:09.0831 4064  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:24:09.0843 4064  ohci1394 - ok
18:24:09.0862 4064  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:24:09.0915 4064  p2pimsvc - ok
18:24:09.0951 4064  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:24:09.0966 4064  p2psvc - ok
18:24:09.0984 4064  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:24:09.0996 4064  Parport - ok
18:24:10.0014 4064  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:24:10.0025 4064  partmgr - ok
18:24:10.0049 4064  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
18:24:10.0080 4064  Parvdm - ok
18:24:10.0112 4064  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:24:10.0128 4064  PcaSvc - ok
18:24:10.0144 4064  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
18:24:10.0156 4064  pci - ok
18:24:10.0193 4064  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
18:24:10.0203 4064  pciide - ok
18:24:10.0227 4064  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:24:10.0240 4064  pcmcia - ok
18:24:10.0255 4064  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
18:24:10.0265 4064  pcw - ok
18:24:10.0299 4064  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:24:10.0343 4064  PEAUTH - ok
18:24:10.0415 4064  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
18:24:10.0474 4064  pla - ok
18:24:10.0531 4064  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:24:10.0579 4064  PlugPlay - ok
18:24:10.0589 4064  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:24:10.0619 4064  PNRPAutoReg - ok
18:24:10.0640 4064  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:24:10.0654 4064  PNRPsvc - ok
18:24:10.0673 4064  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:24:10.0700 4064  PolicyAgent - ok
18:24:10.0738 4064  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
18:24:10.0762 4064  Power - ok
18:24:10.0784 4064  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:24:10.0821 4064  PptpMiniport - ok
18:24:10.0841 4064  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:24:10.0872 4064  Processor - ok
18:24:10.0907 4064  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
18:24:10.0957 4064  ProfSvc - ok
18:24:10.0967 4064  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:24:10.0978 4064  ProtectedStorage - ok
18:24:11.0009 4064  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
18:24:11.0020 4064  ProtexisLicensing - ok
18:24:11.0050 4064  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:24:11.0087 4064  Psched - ok
18:24:11.0130 4064  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
18:24:11.0139 4064  PSI_SVC_2 - ok
18:24:11.0180 4064  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:24:11.0235 4064  ql2300 - ok
18:24:11.0260 4064  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:24:11.0272 4064  ql40xx - ok
18:24:11.0305 4064  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
18:24:11.0342 4064  QWAVE - ok
18:24:11.0367 4064  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:24:11.0380 4064  QWAVEdrv - ok
18:24:11.0394 4064  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:24:11.0431 4064  RasAcd - ok
18:24:11.0472 4064  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:24:11.0506 4064  RasAgileVpn - ok
18:24:11.0533 4064  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
18:24:11.0576 4064  RasAuto - ok
18:24:11.0597 4064  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:24:11.0633 4064  Rasl2tp - ok
18:24:11.0686 4064  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
18:24:11.0711 4064  RasMan - ok
18:24:11.0726 4064  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:24:11.0764 4064  RasPppoe - ok
18:24:11.0796 4064  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:24:11.0818 4064  RasSstp - ok
18:24:11.0849 4064  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:24:11.0873 4064  rdbss - ok
18:24:11.0891 4064  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:24:11.0904 4064  rdpbus - ok
18:24:11.0939 4064  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:24:11.0961 4064  RDPCDD - ok
18:24:11.0994 4064  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:24:12.0015 4064  RDPENCDD - ok
18:24:12.0034 4064  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:24:12.0055 4064  RDPREFMP - ok
18:24:12.0083 4064  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:24:12.0112 4064  RDPWD - ok
18:24:12.0150 4064  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:24:12.0161 4064  rdyboost - ok
18:24:12.0187 4064  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:24:12.0226 4064  RemoteAccess - ok
18:24:12.0255 4064  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:24:12.0280 4064  RemoteRegistry - ok
18:24:12.0298 4064  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:24:12.0323 4064  RpcEptMapper - ok
18:24:12.0339 4064  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
18:24:12.0373 4064  RpcLocator - ok
18:24:12.0406 4064  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
18:24:12.0432 4064  RpcSs - ok
18:24:12.0451 4064  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:24:12.0497 4064  rspndr - ok
18:24:12.0533 4064  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
18:24:12.0544 4064  SamSs - ok
18:24:12.0585 4064  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:24:12.0596 4064  sbp2port - ok
18:24:12.0618 4064  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:24:12.0641 4064  SCardSvr - ok
18:24:12.0678 4064  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:24:12.0720 4064  scfilter - ok
18:24:12.0765 4064  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
18:24:12.0795 4064  Schedule - ok
18:24:12.0806 4064  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:24:12.0828 4064  SCPolicySvc - ok
18:24:12.0872 4064  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:24:12.0916 4064  SDRSVC - ok
18:24:12.0984 4064  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:24:12.0995 4064  SeaPort - ok
18:24:13.0017 4064  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:24:13.0040 4064  secdrv - ok
18:24:13.0048 4064  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
18:24:13.0073 4064  seclogon - ok
18:24:13.0098 4064  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
18:24:13.0137 4064  SENS - ok
18:24:13.0164 4064  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:24:13.0207 4064  SensrSvc - ok
18:24:13.0231 4064  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:24:13.0243 4064  Serenum - ok
18:24:13.0270 4064  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:24:13.0298 4064  Serial - ok
18:24:13.0357 4064  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:24:13.0368 4064  sermouse - ok
18:24:13.0407 4064  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:24:13.0446 4064  SessionEnv - ok
18:24:13.0476 4064  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:24:13.0499 4064  sffdisk - ok
18:24:13.0517 4064  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:24:13.0528 4064  sffp_mmc - ok
18:24:13.0546 4064  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:24:13.0581 4064  sffp_sd - ok
18:24:13.0608 4064  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:24:13.0632 4064  sfloppy - ok
18:24:13.0666 4064  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:24:13.0692 4064  SharedAccess - ok
18:24:13.0739 4064  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:24:13.0764 4064  ShellHWDetection - ok
18:24:13.0801 4064  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:24:13.0812 4064  sisagp - ok
18:24:13.0842 4064  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:24:13.0853 4064  SiSRaid2 - ok
18:24:13.0875 4064  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:24:13.0887 4064  SiSRaid4 - ok
18:24:13.0948 4064  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
18:24:13.0958 4064  SkypeUpdate - ok
18:24:13.0982 4064  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:24:14.0022 4064  Smb - ok
18:24:14.0066 4064  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:24:14.0094 4064  SNMPTRAP - ok
18:24:14.0114 4064  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:24:14.0124 4064  spldr - ok
18:24:14.0165 4064  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
18:24:14.0180 4064  Spooler - ok
18:24:14.0267 4064  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
18:24:14.0344 4064  sppsvc - ok
18:24:14.0379 4064  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:24:14.0402 4064  sppuinotify - ok
18:24:14.0437 4064  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:24:14.0483 4064  srv - ok
18:24:14.0502 4064  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:24:14.0537 4064  srv2 - ok
18:24:14.0560 4064  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:24:14.0590 4064  srvnet - ok
18:24:14.0615 4064  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:24:14.0658 4064  SSDPSRV - ok
18:24:14.0705 4064  [ CFC9B1CA57B41323A721D5F01FB2F899 ] SSHDRV84        C:\Windows\system32\drivers\SSHDRV84.sys
18:24:14.0720 4064  SSHDRV84 ( UnsignedFile.Multi.Generic ) - warning
18:24:14.0720 4064  SSHDRV84 - detected UnsignedFile.Multi.Generic (1)
18:24:14.0749 4064  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:24:14.0788 4064  SstpSvc - ok
18:24:14.0835 4064  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:24:14.0848 4064  Stereo Service - ok
18:24:14.0861 4064  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:24:14.0872 4064  stexstor - ok
18:24:14.0909 4064  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
18:24:14.0949 4064  StiSvc - ok
18:24:14.0979 4064  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:24:14.0990 4064  swenum - ok
18:24:15.0006 4064  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
18:24:15.0052 4064  swprv - ok
18:24:15.0108 4064  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
18:24:15.0135 4064  SysMain - ok
18:24:15.0152 4064  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:24:15.0183 4064  TabletInputService - ok
18:24:15.0224 4064  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:24:15.0267 4064  TapiSrv - ok
18:24:15.0287 4064  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
18:24:15.0312 4064  TBS - ok
18:24:15.0370 4064  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:24:15.0398 4064  Tcpip - ok
18:24:15.0448 4064  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:24:15.0476 4064  TCPIP6 - ok
18:24:15.0505 4064  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:24:15.0547 4064  tcpipreg - ok
18:24:15.0575 4064  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:24:15.0609 4064  TDPIPE - ok
18:24:15.0649 4064  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:24:15.0679 4064  TDTCP - ok
18:24:15.0701 4064  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:24:15.0723 4064  tdx - ok
18:24:15.0748 4064  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:24:15.0758 4064  TermDD - ok
18:24:15.0799 4064  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
18:24:15.0843 4064  TermService - ok
18:24:15.0870 4064  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
18:24:15.0902 4064  Themes - ok
18:24:15.0922 4064  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
18:24:15.0946 4064  THREADORDER - ok
18:24:15.0964 4064  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
18:24:15.0990 4064  TrkWks - ok
18:24:16.0045 4064  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:24:16.0068 4064  TrustedInstaller - ok
18:24:16.0105 4064  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:24:16.0148 4064  tssecsrv - ok
18:24:16.0217 4064  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:24:16.0242 4064  TsUsbFlt - ok
18:24:16.0283 4064  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:24:16.0321 4064  tunnel - ok
18:24:16.0353 4064  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:24:16.0364 4064  uagp35 - ok
18:24:16.0385 4064  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:24:16.0410 4064  udfs - ok
18:24:16.0424 4064  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:24:16.0437 4064  UI0Detect - ok
18:24:16.0469 4064  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:24:16.0480 4064  uliagpkx - ok
18:24:16.0512 4064  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
18:24:16.0524 4064  umbus - ok
18:24:16.0552 4064  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:24:16.0578 4064  UmPass - ok
18:24:16.0690 4064  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
18:24:16.0704 4064  UMVPFSrv - ok
18:24:16.0719 4064  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
18:24:16.0765 4064  upnphost - ok
18:24:16.0817 4064  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:24:16.0852 4064  USBAAPL - ok
18:24:16.0884 4064  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:24:16.0914 4064  usbaudio - ok
18:24:16.0953 4064  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:24:16.0997 4064  usbccgp - ok
18:24:17.0038 4064  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:24:17.0070 4064  usbcir - ok
18:24:17.0112 4064  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:24:17.0123 4064  usbehci - ok
18:24:17.0166 4064  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:24:17.0197 4064  usbhub - ok
18:24:17.0225 4064  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:24:17.0256 4064  usbohci - ok
18:24:17.0299 4064  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:24:17.0312 4064  usbprint - ok
18:24:17.0326 4064  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:24:17.0351 4064  USBSTOR - ok
18:24:17.0390 4064  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:24:17.0410 4064  usbuhci - ok
18:24:17.0439 4064  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
18:24:17.0473 4064  UxSms - ok
18:24:17.0500 4064  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
18:24:17.0512 4064  VaultSvc - ok
18:24:17.0530 4064  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:24:17.0543 4064  vdrvroot - ok
18:24:17.0587 4064  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
18:24:17.0636 4064  vds - ok
18:24:17.0653 4064  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:24:17.0682 4064  vga - ok
18:24:17.0732 4064  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:24:17.0769 4064  VgaSave - ok
18:24:17.0793 4064  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:24:17.0806 4064  vhdmp - ok
18:24:20.0482 4064  ================ Scan global ===============================
18:24:20.0525 4064  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:24:20.0562 4064  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
18:24:20.0569 4064  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
18:24:20.0593 4064  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:24:20.0608 4064  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:24:20.0612 4064  [Global] - ok
18:24:20.0612 4064  ================ Scan MBR ==================================
18:24:20.0619 4064  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:24:20.0901 4064  \Device\Harddisk0\DR0 - ok
18:24:20.0902 4064  ================ Scan VBR ==================================
18:24:20.0905 4064  [ 676D1874A2FABFC033DAA148494A3AB8 ] \Device\Harddisk0\DR0\Partition1
18:24:20.0906 4064  \Device\Harddisk0\DR0\Partition1 - ok
18:24:20.0925 4064  [ 63C2F311E5F237FAD25AA1F2DCFF400D ] \Device\Harddisk0\DR0\Partition2
18:24:20.0926 4064  \Device\Harddisk0\DR0\Partition2 - ok
18:24:20.0926 4064  ============================================================
18:24:20.0926 4064  Scan finished
18:24:20.0926 4064  ============================================================
18:24:20.0937 3980  Detected object count: 5
18:24:20.0937 3980  Actual detected object count: 5
18:25:03.0498 3980  ACEDRV06 ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:03.0498 3980  ACEDRV06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:25:03.0502 3980  AVEO ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:03.0502 3980  AVEO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:25:03.0507 3980  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:03.0507 3980  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:25:03.0509 3980  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:03.0509 3980  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:25:03.0511 3980  SSHDRV84 ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:03.0511 3980  SSHDRV84 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Last edited by daup (19.10.2012 at 17:40)

Old 21.10.2012, 10:43   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That is unremarkable as well. Any remaining problems with this computer?

We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags

Old 22.10.2012, 12:27   #15
daup
 

Log from Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.21.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Andrea :: ANDREA-PC [Administrator]

21.10.2012 19:54:18
mbam-log-2012-10-21 (19-54-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 713489
Laufzeit: 1 Stunde(n), 50 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I had problems with SUPERAntiSpyware. Installation went without any trouble, but in three attempts I could not complete a scan, so there is no log file either. On every scan the computer 'froze'; twice after just under 2 h, once after 1 min.

SUPERAntiSpyware flagged:
- the "CTFPrinter.dll" from the schoolbook publisher Cornelsen. On a re-scan, Virustotal reports 1/43 for it; the one hit is from SUPERAntiSpyware.
- Lots of adware cookies.

In my impression the computer is running stably, and the browser is back to a reasonable speed again.

What is next?
