|
Log-Analyse und Auswertung: exploit.drop.gsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.10.2012, 17:12 | #16 |
/// TB-Ausbilder | exploit.drop.gs Servus, also es kann sein, dass das hier ein Bug von MBAM ist. Evtl. können wir das Problem etwas eingrenzen. Schritt 1 Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Klicke auf Datei --> Speichern unter... Speichere die Datei als soap0_wsdl.txt im Ordner c\users\dirk\appdata\local\temp\ ab. Schließe die leere Textdatei. Solltest du die Textdatei im genannten Ordner nicht erstellen können bzw. eine Fehlermeldung erhalten, so teile mir diese bitte mit! Schritt 2
Bitte poste mit deiner nächsten Antwort
|
24.10.2012, 23:20 | #17 |
| exploit.drop.gs hi,
__________________1. keine probleme beim erstellen der txt datei 2. der scan mit dem bekannten ergebnis Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.24.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Dirk :: DIRK-PC [Administrator] Schutz: Deaktiviert 25.10.2012 00:10:39 mbam-log-2012-10-25 (00-10-39).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205570 Laufzeit: 2 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 c:\users\dirk\appdata\local\temp\soap0_wsdl.exe (Exploit.Drop.GS) -> Löschen bei Neustart. (Ende) |
25.10.2012, 14:47 | #18 |
/// TB-Ausbilder | exploit.drop.gs Servus,
__________________ok. da wir die .txt Datei erstellen konnten, ist es auch möglich, dass die .exe Datei, die MBAM ständig anzeigt, nicht existiert. Evtl. stört auch Microsoft Security Essentials. Schritt 1 Öffne Microsoft Security Essentials und klicke oben auf Einstellungen Klicke auf Ausgeschlossene Prozesse auf der linken Seite Klicke auf Durchsuchen Navigiere in den Ordner C:\Program Files (x86)\Malwarebytes' Anti-Malware Wähle mbam.exe aus und klicke auf Ok. Wiederhole diesen Vorgang für die folgenden beiden Dateien: Code:
ATTFilter C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe Klicke auf Speichern und bestätige gegebenenfalls die Änderungen. Eine englische Anleitung findest du hier. Schritt 2
Schritt 3 Klicke auf Start Gib in das Suchfeld cmd ein. Unter Programme erscheint cmd. Rechtsklicke darauf und wähle Als Administrator ausführen Gib in die Kommandozeile chkdsk ein und bestätige mit Enter. Sollten Fehler oder Probleme in der Box angezeigt werden, so teile mir das bitte mit. Starte deinen Rechner anschließend neu auf. Schritt 4
Schritt 5 Bitte befolge folgende Anleitung und lass dir alle Dateien anzeigen: alle Windows Dateien sichtbar machen Lösche keine Datei ohne Anweisung! Gehe in den Ordner c:\users\dirk\appdata\local\temp\. Kannst du die Datei soap0_wsdl.exe dort sehen? Wenn ja, rechtsklicke auf die Datei und wähle Löschen. Bestätige mit Ok. Wenn du die Datei nicht im Ordner sehen kannst, starte deinen Rechner neu auf und berichte, ob du nun die Datei sehen kannst. Erscheint die Datei bei jedem Neustart immer wieder? Erscheint die Datei z. B. immer wenn du den Internet Browser verwendet hast? Ein Kollege hat mir berichtet, dass es möglich ist, dass du ständig eine infizierte Seite besuchst und dadurch dieser Exploit im Ordner abgespeichert wird. Welche Seiten besuchst du, die hierfür in Fragen kommen könnten? Bitte poste mit deiner nächsten Antwort
|
25.10.2012, 23:48 | #19 |
| exploit.drop.gs Results of screen317's Security Check version 0.99.53 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Spyware Terminator 2012 Spybot - Search & Destroy ThreatFire Secunia PSI (2.0.0.3003) Malwarebytes Anti-Malware Version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 11.4.402.287 Adobe Reader X (10.1.4) Mozilla Firefox (16.0.1) Mozilla Thunderbird (16.0.1) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! ThreatFire TFTray.exe ThreatFire TFService.exe MALWAREBYTES' ANTI-MALWARE MBAMSCHEDULER.EXE `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.25.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Dirk :: DIRK-PC [Administrator] 26.10.2012 00:00:24 mbam-log-2012-10-26 (00-04-20).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205614 Laufzeit: 2 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 c:\users\dirk\appdata\local\temp\soap0_wsdl.exe (Exploit.Drop.GS) (Ende) keine probs beim cmd die datei soap0_wsdl.exe kann ich im tempordner nicht finden...(die versteckten dateien habe ich mir schon länger anzeigen lassen, gesucht habe ich die da natürlich schon früher, als mwb diese datei nicht löschen konnte bzw. mbw die immer wieder gefunden hat... während der ganzen prozedur hier habe ich mit sicherheit keine infizierte seite besucht... mwb findet die datei immer - nach jedem neustart, nach jedem scan(verlangt dann zum löschen der markierten probleme einen neustart, nach diesem findet mbw die datei aber sofort wieder, ohne dass ich da überhaupt einen browser geöffnet habe) oder sonst was gemacht habe...also dass die datei gelöscht wird und dann durch eine infizierte seite wieder da ist , ist nicht möglich... ich bin jetzt leider bis sonntagabend unterwegs/nicht am PC - bitte den thread nicht schließen...ich werde sonntagabend sofort zum PC stürzen und schauen, was dir zu dem hier eingefallen ist |
26.10.2012, 16:47 | #20 |
/// TB-Ausbilder | exploit.drop.gs Servus, danke für die Rückmeldung. Eventuell interveniert ein anderes Programm. Wir machen nochmal einen Systemscan. Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. |
28.10.2012, 22:04 | #21 |
| exploit.drop.gs Da bin ich wieder OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.10.2012 21:51:04 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dirk\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,34% Memory free 7,99 Gb Paging File | 5,88 Gb Available in Paging File | 73,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,39 Gb Total Space | 69,40 Gb Free Space | 47,41% Space Free | Partition Type: NTFS Drive D: | 319,28 Gb Total Space | 88,44 Gb Free Space | 27,70% Space Free | Partition Type: NTFS Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.21 21:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe PRC - [2012.10.15 06:50:37 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012.10.12 09:45:52 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.09 10:50:22 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 00:57:30 | 003,673,808 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2012.09.07 00:57:20 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.09 19:51:26 | 001,672,008 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe PRC - [2012.07.09 19:51:02 | 000,545,608 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe PRC - [2012.07.09 19:50:58 | 000,271,176 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe PRC - [2012.07.09 19:50:56 | 000,549,704 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011.04.19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2010.01.14 15:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe PRC - [2010.01.14 15:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe PRC - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ========== Modules (No Company Name) ========== MOD - [2012.10.15 06:50:38 | 002,111,456 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012.10.15 06:50:38 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2012.10.15 06:50:38 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2012.10.12 09:45:42 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.10.09 10:50:21 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.10.12 09:45:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 10:50:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.09.07 00:57:38 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.09 19:51:02 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy) SRV - [2012.07.09 19:50:58 | 000,271,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav) SRV - [2012.07.09 19:50:56 | 000,549,704 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer) SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.05 01:04:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.01.14 15:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire) SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.21 02:56:20 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.01.22 09:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.11 22:15:59 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2) DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.02.15 17:20:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.02.15 17:20:46 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.01.14 15:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon) DRV:64bit: - [2010.01.14 15:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon) DRV:64bit: - [2010.01.14 15:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon) DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen) DRV:64bit: - [2009.08.23 03:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.06 02:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3) DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:64bit: - [2008.01.09 11:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri) DRV - [2010.06.27 12:54:49 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 E7 96 A8 35 B0 CD 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {CE0AB267-5174-467B-852F-6D84185754F2} IE - HKCU\..\SearchScopes\{CE0AB267-5174-467B-852F-6D84185754F2}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig?hl=de&refresh=1" FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {e0dcd7a1-949c-490a-bd7b-d733c2bda820}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dirk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\pageplace.de/PagePlaceStarter: C:\Program Files (x86)\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG) FF - HKCU\Software\MozillaPlugins\telekom.com/PagePlaceStarter: C:\Program Files (x86)\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 09:45:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 09:45:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 11:10:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.16 21:28:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 09:45:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 09:45:38 | 000,000,000 | ---D | M] [2010.02.05 13:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions [2010.02.05 13:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.27 10:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions [2012.10.10 22:04:17 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.10.03 15:38:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.09.28 15:06:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.20 09:46:07 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\firefox@ghostery.com [2012.07.06 11:43:47 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.10.27 10:07:40 | 000,530,068 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.25 22:38:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.07.22 03:08:25 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.10.11 11:45:05 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.10.24 07:50:26 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-10.xml [2010.12.10 01:56:44 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-11.xml [2011.03.02 11:44:11 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-12.xml [2010.06.23 12:39:45 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-4.xml [2010.07.21 23:59:55 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-5.xml [2010.07.25 02:31:30 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-6.xml [2010.09.09 14:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-7.xml [2010.09.17 02:33:56 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-8.xml [2010.10.20 11:37:59 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-9.xml [2012.10.12 09:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.12 09:45:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.10.12 09:45:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.21 14:10:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1435D8-7314-489B-8B29-5254127543BA}: NameServer = 192.168.178.1,217.237.150.97 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.23 11:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.10.23 11:27:50 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.10.23 11:27:40 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.10.23 11:27:40 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.10.23 11:27:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.10.23 11:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.10.23 11:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.10.23 11:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.10.23 11:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.10.23 11:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.10.23 11:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.10.23 11:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.10.23 11:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.10.22 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.22 16:50:26 | 000,000,000 | ---D | C] -- C:\_OTL [2012.10.21 21:28:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe [2012.10.21 14:18:24 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.21 14:10:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.10.21 13:48:13 | 004,985,492 | R--- | C] (Swearware) -- C:\Users\Dirk\Desktop\ComboFix.exe [2012.10.21 10:59:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.21 10:59:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.21 10:59:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.21 10:59:16 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.21 10:58:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.19 14:56:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.10.19 14:43:04 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dirk\Desktop\tdsskiller.exe [2012.10.19 14:40:14 | 000,815,665 | ---- | C] (Farbar) -- C:\Users\Dirk\Desktop\ListParts64.exe [2012.10.19 14:34:18 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\TFC.exe [2012.10.19 13:55:10 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Desktop\RK_Quarantine [2012.10.19 13:38:57 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Dirk\Desktop\dds.com [2012.10.13 09:31:38 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.10.12 09:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.11 22:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.11 22:27:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.11 22:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.11 22:15:59 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.10.11 22:15:49 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Spyware Terminator [2012.10.11 22:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2012.10.11 22:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2012.10.11 22:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2012.10.10 12:35:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 12:35:06 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 12:35:06 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 12:35:00 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 12:35:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 12:35:00 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 12:34:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 12:34:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 12:34:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 12:34:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 12:34:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 12:34:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 12:34:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 12:34:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 12:34:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 12:34:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 12:34:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 12:34:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 12:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 12:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 12:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 12:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 12:34:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 12:34:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 12:34:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 12:34:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 12:34:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 12:34:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 12:34:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 12:34:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 12:34:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 12:34:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 12:34:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 12:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 12:34:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 12:34:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 12:34:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 12:34:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 12:34:48 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 12:34:33 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 12:34:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.10 09:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak [2012.10.09 18:11:44 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\TwonkyMedia [2012.10.09 17:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\twonkyclient [2012.10.09 17:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips [2012.10.09 17:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips [2012.10.09 17:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TwonkyServer [2012.10.09 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\TwonkyServer [2012.10.09 17:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twonky [2012.09.30 13:42:56 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.28 21:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.28 21:08:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.28 17:34:32 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 17:34:32 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 17:27:25 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.28 17:27:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.28 17:27:02 | 3217,674,240 | -HS- | M] () -- C:\hiberfil.sys [2012.10.23 11:27:31 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.10.23 11:27:30 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.10.23 11:27:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.10.23 11:27:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.10.23 11:27:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.10.23 11:27:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.10.22 21:02:53 | 000,881,773 | ---- | M] () -- C:\Users\Dirk\Desktop\SecurityCheck.exe [2012.10.22 17:02:02 | 000,001,418 | ---- | M] () -- C:\Users\Dirk\Desktop\Internet Explorer (64-bit).lnk [2012.10.21 21:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe [2012.10.21 14:10:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.21 13:48:25 | 004,985,492 | R--- | M] (Swearware) -- C:\Users\Dirk\Desktop\ComboFix.exe [2012.10.21 13:05:10 | 000,538,941 | ---- | M] () -- C:\Users\Dirk\Desktop\adwcleaner.exe [2012.10.19 14:42:51 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dirk\Desktop\tdsskiller.exe [2012.10.19 14:40:01 | 000,815,665 | ---- | M] (Farbar) -- C:\Users\Dirk\Desktop\ListParts64.exe [2012.10.19 14:33:56 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\TFC.exe [2012.10.19 13:54:43 | 001,425,920 | ---- | M] () -- C:\Users\Dirk\Desktop\RogueKiller.exe [2012.10.19 13:37:57 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Dirk\Desktop\dds.com [2012.10.19 08:57:42 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.14 09:43:22 | 000,316,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.11 22:15:59 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.10.11 22:15:48 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2012.10.11 11:59:29 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.09 17:37:18 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\MediaManager.lnk [2012.10.09 17:36:31 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv7 [2012.10.09 13:43:28 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.10.09 10:50:22 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 10:50:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.02 12:01:43 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.10.02 12:01:37 | 000,607,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.02 12:01:37 | 000,100,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.23 11:04:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.10.22 21:02:52 | 000,881,773 | ---- | C] () -- C:\Users\Dirk\Desktop\SecurityCheck.exe [2012.10.22 17:02:02 | 000,001,418 | ---- | C] () -- C:\Users\Dirk\Desktop\Internet Explorer (64-bit).lnk [2012.10.21 13:05:10 | 000,538,941 | ---- | C] () -- C:\Users\Dirk\Desktop\adwcleaner.exe [2012.10.21 10:59:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.21 10:59:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.21 10:59:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.21 10:59:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.21 10:59:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.19 13:55:02 | 001,425,920 | ---- | C] () -- C:\Users\Dirk\Desktop\RogueKiller.exe [2012.10.14 09:43:12 | 000,316,360 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.11 22:27:35 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.11 22:15:48 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2012.10.09 17:37:18 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\MediaManager.lnk [2012.10.09 17:36:31 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7 [2012.05.09 13:51:47 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb [2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.04.25 12:06:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.04.25 12:06:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.01.26 00:25:32 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.10 01:04:57 | 000,003,584 | ---- | C] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.13 15:09:14 | 011,141,120 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.06.30 23:23:31 | 000,007,626 | ---- | C] () -- C:\Users\Dirk\AppData\Local\Resmon.ResmonCfg [2010.06.22 14:05:25 | 001,482,752 | ---- | C] () -- C:\Users\Dirk\NTUSER.rhk [2010.02.06 02:22:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.10.2012 21:51:04 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dirk\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,34% Memory free 7,99 Gb Paging File | 5,88 Gb Available in Paging File | 73,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,39 Gb Total Space | 69,40 Gb Free Space | 47,41% Space Free | Partition Type: NTFS Drive D: | 319,28 Gb Total Space | 88,44 Gb Free Space | 27,70% Space Free | Partition Type: NTFS Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00A39BF5-2171-4FE2-A8DA-A1BF6C3ACB20}" = rport=139 | protocol=6 | dir=out | app=system | "{093BEC14-51DD-4299-A309-08571FE1835D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{095F91B4-0D5A-451C-8D8F-53BFA042DDA9}" = lport=2869 | protocol=6 | dir=in | app=system | "{0ED6777D-3734-4F9D-9EB6-4A7ACA922030}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1934D624-8569-41E1-8061-AAB40DD95621}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1D2959B0-C6A7-4BA9-A83E-A74B1DE4550C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3AEBFB3F-99B6-4C9D-8DB0-0A508E9C2FEE}" = lport=10243 | protocol=6 | dir=in | app=system | "{40FA35C0-3936-422B-B139-775A168EF707}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x64\rpcsandrasrv.exe | "{505DE7AA-EDD8-4FC6-A65B-E9120B8EBD8B}" = rport=10243 | protocol=6 | dir=out | app=system | "{584732ED-D77D-43D2-B5BD-74567F971E13}" = lport=137 | protocol=17 | dir=in | app=system | "{5B141AE1-29FB-4FEB-A2F7-A433F74F1A60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5F3FEFF4-A681-47DF-9A36-93630E317704}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6097D4F9-E3BD-4BED-A005-E2995E0059BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{71731918-2927-421A-9502-E8ADC409E913}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{743E599E-F57F-48BF-AB3F-D8F8C69D71C6}" = lport=139 | protocol=6 | dir=in | app=system | "{7E5662BE-D8A1-4B93-BEBA-AB2BD2770AFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8BD32378-5F48-438F-B7C1-220039E472C6}" = rport=445 | protocol=6 | dir=out | app=system | "{944CF5CD-EEDD-4EA6-AAF7-24E5B957E094}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{98A54F3C-77E5-4CA9-85A6-17680320FA56}" = lport=138 | protocol=17 | dir=in | app=system | "{A6E1ADE7-8478-4488-A505-9C6918118687}" = rport=137 | protocol=17 | dir=out | app=system | "{B47B56C6-BDC0-41EF-88E7-993895E46DB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BB4B86DB-4496-4171-B7EC-5D11800666ED}" = lport=445 | protocol=6 | dir=in | app=system | "{C2DCD8B3-6B0D-41AA-B202-3035E1D415A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F4615B2D-52E6-46DC-AFC4-99F3D542788A}" = rport=138 | protocol=17 | dir=out | app=system | "{F96425AF-F2BD-43DF-9BED-BCA05D90558A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{065FDC25-B2C4-4768-8C32-6C6B17A1C042}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0BA24DC6-DA8A-4DD5-9ECB-90A7AF997707}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{0FB3AE92-B180-464C-983B-49F96A24852D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{12DD5709-E88B-4F45-AAC0-5F7091F5F9DC}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{15DECB12-D38A-4ECF-8794-4E09DF8D4B37}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{1E7C2F20-9334-4571-9283-6BF8585520E4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1F1B7D47-618D-46BD-8BD5-7C0B450607C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{20781D5F-6EFF-4261-B2CB-42761AC3F3D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2343AC8D-8B5A-4A92-9113-0ED1C6DB0A83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{24B99D54-F224-4854-ABD8-EF0C24D1AA58}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{26024BEE-62AF-458C-AAC9-EE6C2866F81C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{26226094-7CCA-4E4B-A009-D9DCADCFA08E}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{27FCA029-A006-461D-9A43-B926F3454603}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | "{28995874-D12B-406F-A556-83E1C654C166}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{30C6A459-8AF0-43DB-BD6D-37F9D89E3A48}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{3144D4ED-BBA4-4B3D-A959-68604E507BF4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{31E35AD8-8763-4050-A02D-6EEA9B43811C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{356656CF-3B04-4662-AD54-90CDB118D3BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{35C4FD43-BB4F-4865-999C-611C537A454A}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{3E242AFE-F052-4505-A3D3-2DE5ECD83C38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{484AA0B6-839A-429D-93E2-F10801AA623E}" = protocol=6 | dir=out | app=system | "{5D92CE96-D315-41A4-A427-22842FD635C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{67FF00CF-0BBE-424F-AF6F-6A432EFF2B25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AE26481-B595-4E97-85E3-116123313AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{70F10B59-A426-4E18-85A4-390B65C090EA}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{7E5B33C7-F7EE-4CA0-B863-C4A1A86F4041}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8058CBAE-14A1-4D84-8F1D-6F9E177F8EB0}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | "{8092BC65-CB5D-42BC-AC76-BACD3000FD52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{847DE8F9-1EA3-4AC8-BA92-32440FD96E91}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{886E17DE-652D-4F8A-AF8E-BF9F136D6149}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{8B234362-7D02-483F-B3FB-4FB2AE10FBA6}" = protocol=6 | dir=in | app=c:\program files (x86)\deepinvent\mailstore home\mailstorelocal.exe | "{8C5FF6E1-66E1-43F9-AFD6-9AE43A435C81}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{8DBD6F7E-D316-47BF-A2AA-4B2E2DCE9212}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8FE53467-B3A4-4CAF-8D90-E9295F1BD602}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{90FBF18F-AB2E-436E-854A-34D8757F7673}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{92E2BB76-D4C1-4E43-A0A5-88AB00AE804C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9834B4C4-5561-4466-9AB5-D64CC1893B52}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{9AA3132F-39B3-4384-9473-CF471FED0520}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | "{9F6CE7B1-17F6-4F44-A412-D768241E78AC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | "{AC71AC5C-4772-4CB4-94BC-6D7BD763DE32}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | "{AF282A66-4EC5-4A4C-B0B2-3E91DEC8AAF0}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | "{B90AFBA7-EC27-4362-B8F2-E9643736DC81}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C02F6E4F-325E-4521-AD5D-7B01A953916D}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | "{C5ACDF3D-F8F9-4B7B-9E4B-C1B01D0ABB42}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{CCBB7F14-0313-4E7A-B757-5EA561ACA619}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{D2929FAD-5123-42BD-AE09-67CDB6353313}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "{D7500F06-5D58-4D55-A24C-C9F4760EB7EE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | "{D7D27E32-62A2-433F-B1BA-A752F95E6C9F}" = protocol=17 | dir=in | app=c:\program files (x86)\deepinvent\mailstore home\mailstorelocal.exe | "{D9A16E93-141C-4C2B-801E-1780EFAB77F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DD0B7565-80D8-4211-A5F7-E74BD5D01B78}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DF600F81-D4C0-44B7-A3D9-3482124BD39F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{F1B662AF-C489-4CD9-B562-6CC4EC7405B9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{1705BE81-92BA-47F7-937F-20694A00869A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{4DB334E3-66E0-4B7B-AC26-36548FAA7EFA}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\uplaybrowser.exe | "TCP Query User{54F95C72-FB99-429F-9558-D22F04A57BBD}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{6DAC2CFA-8C6A-4459-A7AD-B91EF40D10E5}C:\program files (x86)\philips\mediamanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\mediamanager\twonkyrenderer.exe | "TCP Query User{73624FAE-1A37-4C2E-8F49-4AEB94B85374}C:\bluebyte\siedler3\s3 winxpupdate.exe" = protocol=6 | dir=in | app=c:\bluebyte\siedler3\s3 winxpupdate.exe | "TCP Query User{86DB691C-FD59-4F9C-A0BA-A8D78C0786B3}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "TCP Query User{98B31631-7D8C-4AF3-92F0-95C66FD0A1B1}C:\program files (x86)\twonky\twonkyserver\twonkyserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | "TCP Query User{D69FC35E-7EE0-4BA0-9EAE-E6925BE90E53}C:\program files (x86)\philips\mediamanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\mediamanager\twonkymanager.exe | "TCP Query User{D73300B7-328E-485C-9FD5-38D8F8CC2DB8}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{E26CF8ED-745E-4B26-AF3D-AC45625E639E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{1E7B2C27-0208-4DBE-95D4-DE3E03D05F95}C:\bluebyte\siedler3\s3 winxpupdate.exe" = protocol=17 | dir=in | app=c:\bluebyte\siedler3\s3 winxpupdate.exe | "UDP Query User{3C4EC86A-AC6D-475C-AE9F-EA653B669DAB}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{4531F567-5E39-4BE6-8823-489AC2A39998}C:\program files (x86)\twonky\twonkyserver\twonkyserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | "UDP Query User{57A7162E-3374-43D5-8FC2-E953CC84C847}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{6B8E1421-B311-4370-B1B9-FC8FD6B3EB54}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{6D4AE0BF-D6C3-4794-8CFA-F4537ECA461F}C:\program files (x86)\philips\mediamanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\mediamanager\twonkyrenderer.exe | "UDP Query User{BC4A08EA-CE25-4D45-8D2E-DCE6B319D47E}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{E15C1DE7-5584-413B-8BA7-1EFCDB990E1D}C:\program files (x86)\philips\mediamanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\mediamanager\twonkymanager.exe | "UDP Query User{EB4061C1-D6FB-4681-843E-C49B955F694D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{EDC19B49-4BEC-429E-BAAC-5D2A1D0EAF9A}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\uplaybrowser.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416035FF}" = Java(TM) 6 Update 35 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP4a "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E6689D65-0B0D-300C-8404-3F0200DAB065}" = ATI AVIVO64 Codecs "{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "DriverAgent.exe" = DriverAgent by eSupport.com "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German "{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver "{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese "{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek "{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai "{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean "{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French "{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish "{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish "{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian "{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch "{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B58D3D06-1C79-48EF-AF7E-79D8629D16E0}" = phase6_197 "{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish "{C90F1F31-EE00-4E31-ABA3-355FF904F86A}" = Carnet d'activités À plus! 3 "{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "7-Zip" = 7-Zip 4.65 "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "Audacity_is1" = Audacity 2.0 "AudioCS" = Creative Audio-Systemsteuerung "Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CDex" = CDex - Open Source Digital Audio CD Extractor "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4 "Diagnostics 4_5" = Creative-Diagnose "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ESET Online Scanner" = ESET Online Scanner v3 "FileHippo.com" = FileHippo.com Update Checker "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727 "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918 "Host OpenAL" = Host OpenAL "ImgBurn" = ImgBurn "IrfanView" = IrfanView (remove only) "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15 "MailStore Home_is1" = MailStore Home 4.0.4.3791 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MediaManager" = MediaManager "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) "Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "Opera 11.64.1403" = Opera 11.64 "PagePlace" = PagePlace "phase-6" = phase-6 2.1.1.2d "phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.6 "Revo Uninstaller" = Revo Uninstaller 1.94 "Secunia PSI" = Secunia PSI (2.0.0.3003) "Siedler3Deinstall" = Siedler3 "Siedler3MissionUninstall" = DIE SIEDLER III MISSION CD "SpeedFan" = SpeedFan (remove only) "The KMPlayer" = The KMPlayer (remove only) "Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0 "Tropico3" = Tropico 3: Absolute Power "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV "VLC media player" = VLC media player 2.0.2 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.10.2012 19:50:44 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 23.10.2012 19:51:12 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 25.10.2012 02:48:07 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 25.10.2012 18:17:51 | Computer Name = Dirk-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TFTray.exe, Version: 4.10.1.14, Zeitstempel: 0x4b4fa205 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x006f0000 ID des fehlerhaften Prozesses: 0x11f4 Startzeit der fehlerhaften Anwendung: 0x01cdb2fe8f777748 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ThreatFire\TFTray.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d0084e1d-1ef1-11e2-97b1-6cf0490d6cda Error - 25.10.2012 19:32:28 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 25.10.2012 19:33:55 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.10.2012 06:44:27 | Computer Name = Dirk-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 28.10.2012 07:11:34 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 28.10.2012 07:12:58 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.10.2012 12:31:32 | Computer Name = Dirk-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 28.10.2012 13:13:27 | Computer Name = Dirk-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. [ System Events ] Error - 25.10.2012 19:01:11 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error - 26.10.2012 02:13:41 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error - 26.10.2012 03:46:54 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error - 26.10.2012 07:10:46 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error - 26.10.2012 08:47:39 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error - 26.10.2012 11:36:56 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error - 27.10.2012 04:50:26 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error - 27.10.2012 12:04:53 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error - 28.10.2012 06:40:08 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE Error - 28.10.2012 12:27:27 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd SBRE < End of report > |
29.10.2012, 09:55 | #22 |
/// TB-Ausbilder | exploit.drop.gs Servus, es kann sein, dass ThreatExpert und/oder SpywareTerminator den Löschversuch behindern. Zudem sind noch Reste von Ad-Aware auf deinem Rechner. Bitte lösche testweise die genannten Programme und berichte, was passiert. Schritt 1
Schritt 2
Schritt 3 Starte deinen Rechner neu auf. Findet MBAM die Datei immer wieder nach jedem Neustart? Gibt es noch irgendwelche Probleme mit deinem Rechner? Bitte poste mit deiner nächsten Antwort
|
29.10.2012, 10:42 | #23 |
| exploit.drop.gs man glaubt es kaum ich habe threatfire und spyware terminator deinstalliert ad-aware browsing protection habe ich nicht gefunden ? aber dann der scan mit mwb und man glaubt es kaum Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.25.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Dirk :: DIRK-PC [Administrator] 29.10.2012 10:35:10 mbam-log-2012-10-29 (10-35-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205390 Laufzeit: 2 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) und bis auf das ständige finden dieser besagten datei hatte ich eigentlich keine probs... fragt sich nun was du als spyware- und virenschutz für die zukunft empfiehlst...aaber darauf wirst du sicher noch zu sprechen kommen... |
29.10.2012, 10:48 | #24 | |
/// TB-Ausbilder | exploit.drop.gs Servus, Installiere dir ein AV Programm und lass SecurityCheck nochmal laufen. Nach der neuen Logdatei räumen wir auf und ich geb dir noch ein paar Tipps. Zitat:
Schritt 1 Manchmal bemerkt man Malware durch PopUps oder Google-Umleitungen etc, aber meisten läuft diese unbemerkt im Hintergrund. Ein AVP kann Dir helfen, Malware zu finden. Bitte downloade und Installiere Dir eines der folgenden AVPs. Schritt 2
Bitte poste mit deiner nächsten Antwort
|
29.10.2012, 10:55 | #25 |
| exploit.drop.gs microsoft security essentials läuft doch schon die ganze zeit bei mir ? Results of screen317's Security Check version 0.99.53 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Spybot - Search & Destroy Secunia PSI (2.0.0.3003) Malwarebytes Anti-Malware Version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 11.4.402.287 Adobe Reader X (10.1.4) Mozilla Firefox (16.0.1) Mozilla Thunderbird (16.0.1) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
29.10.2012, 11:09 | #26 |
/// TB-Ausbilder | exploit.drop.gs Servus, Stimmt, hab ich vorhin total übersehen. Tut mir Leid! Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 2 Ich würde dir empfehlen, 1 mal pro Woche auch mit diesem Scanner dein System zu prüfen. Möchtest Du ESET denoch deinstallieren, Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen Fenster. Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe" Schritt 3 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 4
Schritt 5 Starte bitte OTL und klicke auf Bereinigung. Du wirst zu einem Neustart aufgefordert. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte ein verwendetes Programm nach dem Neustart noch verhanden sein, bitte mit Rechtsklick --> Löschen manuell entfernen. Schritt 6 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
29.10.2012, 11:19 | #27 |
| exploit.drop.gs soweit alles klar.... vielen dank für deine geduld und hilfe und hoffentlich sehen wir uns so schnell nicht wieder (bitte nicht falsch verstehen^^) Geändert von Nightcab (29.10.2012 um 11:51 Uhr) |
29.10.2012, 11:55 | #28 | |
/// TB-Ausbilder | exploit.drop.gsZitat:
Ich bin froh, dass wir helfen konnten Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |