| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichernWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
29.10.2012, 14:19
| #1 |
 |  Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern So um mein Problem so gut wies geht zu erklären muß ich etwas ausholen.... also normal bin ich überzeute Kasperskyuserin und hatte seltenst probleme mit pc etc... nun hatte ich ursprünglich Kaspersky 2011 installiert und wollte die 2012 installieren. Habe Kaspersky komplett mit dem Removaltool gelöscht, wollte die neue Version installieren aber die Installation brach nach der Ordnerwahl ab. Hab dann zwischenzeitlich ein anderes Programm (AVG) installiert ....(ja ich weiß nich so gut  ) nun bekam ich dort die Meldung: "";"Trojaner: SHeur4.CKI, D:\Programme\Real\RealPlayer\Update\realsched.exe (2672)";"Infiziert" hab dann noch andere Virenprogis laufen lassen wie den PANDA Cloudscan bekam da auch ne Meldung: C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\duk.exe/Upx.mkszxvic und noch ein paar weitere.... nach dem ich mir dann das Kaspersky Virus Removal Tool runtergeladen hab und den drüber laufen lies gabs nix. dann hab ich (ja das weiß ich auch, das der shit ist  ) den TrojanHunter geladen und der meldet:Found trojan file: C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\duk.exe/Upx.mkszxvic (Agent.2807(99)) Found trojan file: C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\SandboxShared\Downloads\DUK.zip/duk.exe/Upx.mmmuqrhs (Agent.2807(99)) Warning: Unable to unpack UPX-packed file C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\SandboxShared\Downloads\SoftonicDownloader_fuer_messenger-plus.exe Found trojan file: C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\SandboxShared\Downloads\TeamViewer_11117Setup_de.exe (Agent.24176(202)) Warning: Unable to unpack UPX-packed file C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\SandboxShared\SkypeSetup.exe Found trojan file: C:\WINDOWS\ServicePackFiles\i386\ulib.dll (AgentZ.815(240)) Found trojan file: C:\WINDOWS\ServicePackFiles\i386\ulib.dll (AgentZ.815(240)) Found trojan file: C:\WINDOWS\ServicePackFiles\i386\winlogon.exe (Bamital.206) Found trojan file: C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ulib.dll (AgentZ.815(240)) Found trojan file: C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe (Bamital.206)Found trojan file: C:\WINDOWS\system32\dllcache\ulib.dll (AgentZ.815(240)) habe dann auf jotti, virscan und virustotal mal die datein gescannt und das sind die ergebnisse: SHA256: bd88a7fef9f46d6a50635ec7568091f00cedb3dc38cd7296edece3843e3e5274 File name: TeamViewer_Setup_de (1).exe Detection ratio: 0 / 41 Analysis date: 2012-10-25 21:47:27 UTC ( 3 Tage, 13 Stunden ago ) SHA256: 749473c33f61cad2f87fa7cecb9297d19fc07c474e8b2752b5fe7f2a04f1e484 SHA1: 6f537924fac00d14f5726b7615cbf300d3111023 MD5: 26917033b825ac7754305fe8198fbac2 File size: 279.4 KB ( 286096 bytes ) File name: 26917033b825ac7754305fe8198fbac2 File type: Win32 EXE Detection ratio: 2 / 44 Analysis date: 2011-09-13 17:22:32 UTC ( 1 Jahr, 1 Monat ago ) Dateiname: realsched.exe Status: Scan abgeschlossen. 0 von 20 Scannern haben Malware gemeldet. Untersucht am: So 16 Okt 2011 12:34:24 (CET) Dateigröße: 273528 Bytes Dateityp: PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5: 2aa60514b683f15cf484c4a9f21c3425 SHA1: f069024163671e4d59b1c91dd17ed88f2ba43415 Dateiname : SkypeSetup.exe Größe : 946352 byte Typ : PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5 : 3664d3689c6261fc5648d5818191e932 SHA1 : 1fd72ccd317368ab05b6343a748ea6fdc0aeb3a3 Dateiname: realsched.exe Status: Scan abgeschlossen. 0 von 20 Scannern haben Malware gemeldet. Untersucht am: So 16 Okt 2011 12:34:24 (CET) nun da ich diese datein gar nicht so wirklich kenne weiß ich nicht was ich davon halten soll..... die anderen datein kenne ich und weiß das da nur humbug dahinter steckt, da sie nicht verändert sind.... dank der schlauen seiten. nun aber hab ich eben das problem das ich keinen kaspersky installieren kann, was mir am liebsten wäre warum kann ich den nicht installieren? ich befürchte eben einen befall.... sonst hats doch auch immer funktioniert......  (sorry für das erst alles richtig schreiben und dann nur klain schreiben, aber ich schreib normal im internet nur klein  ) |
|
31.10.2012, 10:47
| #2 |
| /// Malwareteam    |  Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Schritt 1: defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung. Schritt 2: OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
__________________ |
|
31.10.2012, 13:39
| #3 |
| | Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern als erstes mal vielen dank für die promte und schnelle antwort.
__________________crossposting gibt es bei mir nicht...ich weiß wie nervig und iritierend das werden kann, zudem suche ich mir ein forum aus, das sich in den threads als zimlich als kompetent anhört*g* außerdem bin ich ein sehr folgsamer mensch und mache das was mir "experten" raten, sonst würd ich mich nich an solche wenden.... so nun mal eins nach dem anderen... also ich habe mir den defogger auf den desctop geladen, wie geraten, habe den nach anweisung gestartet, in der defogger disable log steht eigentlich nichts drin, nur das: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:25 on 31/10/2012 (fantasy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
2. der OTL hat wie gesagt zwei datein ausgegeben die erste nennt sich OTL.txt Code:
ATTFilter OTL logfile created on: 31.10.2012 13:24:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\fantasy\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 71,93% Memory free 4,59 Gb Paging File | 3,89 Gb Available in Paging File | 84,75% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 75,78 Gb Total Space | 33,45 Gb Free Space | 44,14% Space Free | Partition Type: NTFS Drive D: | 67,16 Gb Total Space | 36,33 Gb Free Space | 54,10% Space Free | Partition Type: NTFS Drive E: | 89,95 Gb Total Space | 27,33 Gb Free Space | 30,39% Space Free | Partition Type: NTFS Drive F: | 4,38 Gb Total Space | 4,07 Gb Free Space | 93,01% Space Free | Partition Type: UDF2.00 Computer Name: FANTASY-CD380D2 | User Name: fantasy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\fantasy\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\VirProgramme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - D:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - D:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - D:\Programme\Gemeinsame Dateien\OptimalSuite Common\AMDSrv.exe (appsmaker) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Modules (No Company Name) ========== MOD - D:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () MOD - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - D:\Programme\Yuna Software\Messenger Plus!\Detour32.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\WINDOWS\system32\DLAAPI_W.DLL () ========== Services (SafeList) ========== SRV - (SQLAgent$SQLEXPRESS) -- File not found SRV - (MSSQLServerADHelper100) -- File not found SRV - (MSSQL$SQLEXPRESS) -- File not found SRV - (MozillaMaintenance) -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avgwd) -- C:\VirProgramme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\VirProgramme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (JavaQuickStarterService) -- D:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (Apache2.2) -- E:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (mysql) -- E:\xampp\mysql\bin\mysqld.exe () SRV - (FileZilla Server) -- E:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project) SRV - (SpeedBoosterSvc) -- D:\Programme\Gemeinsame Dateien\OptimalSuite Common\BoostService.exe (appsmaker) SRV - (AMOptimalDiskService) -- D:\Programme\Gemeinsame Dateien\OptimalSuite Common\AMDSrv.exe (appsmaker) SRV - (DfSdkS) -- D:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany) SRV - (LVPrcSrv) -- D:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- D:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (CobBMService) -- D:\Programme\Cobian Backup 8\cbService.exe (Luis Cobian) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (RoxLiveShare9) -- D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions) SRV - (RoxMediaDB9) -- D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions) SRV - (RoxWatch9) -- D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 9) -- D:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions) SRV - (Roxio Upnp Server 9) -- D:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions) SRV - (stllssvr) -- D:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (IDriverT) -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\7C.tmp File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (81635874) -- C:\WINDOWS\system32\drivers\81635874.sys (Kaspersky Lab ZAO) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (RsFx0105) -- C:\WINDOWS\system32\drivers\RsFx0105.sys (Microsoft Corporation) DRV - (HSPADataCardusbser) -- C:\WINDOWS\system32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbnmea) -- C:\WINDOWS\system32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbmdm) -- C:\WINDOWS\system32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated) DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated) DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Sonic Solutions) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Sonic Solutions) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.travianer.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s IE - HKCU\..\SearchScopes,DefaultScope = {32A098B3-D9FA-4824-AB79-DF27D7C2E7DF} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{32A098B3-D9FA-4824-AB79-DF27D7C2E7DF}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\..\SearchScopes\{33A09ABC-D2D4-4C9B-BA26-3FCB582BDAC7}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{54055704-1A21-4727-92DC-244EC076F5A3}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{55ADD2A9-8054-4622-8CA0-DB1F29B55FE6}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.travianer.de" FF - prefs.js..extensions.enabledAddons: compatibility@addons.mozilla.org:1.1 FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.6.1 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6 FF - prefs.js..network.proxy.type: 4 FF - user.js..browser.search.openintab: false FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: D:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: D:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: D:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: D:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: D:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.25 19:41:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.11 15:53:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: D:\Programme\congstar\Internetmanager\Bin\addon [2010.04.01 13:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.10.19 15:36:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.10.19 15:35:55 | 000,000,000 | ---D | M] [2011.10.25 18:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Extensions [2012.10.26 11:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions [2011.11.17 14:57:03 | 000,000,000 | ---D | M] (HP Detect) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2011.12.07 12:57:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.19 21:41:07 | 000,164,722 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions\compatibility@addons.mozilla.org.xpi [2012.10.26 11:38:48 | 002,042,937 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions\firebug@software.joehewitt.com.xpi [2012.10.27 10:29:26 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions [2011.12.06 15:09:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.10.19 15:36:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- D:\Programme\mozilla firefox\components\browsercomps.dll [2012.08.09 20:49:44 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.28 18:50:52 | 000,002,465 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\bing.xml [2012.08.09 20:49:44 | 000,001,153 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.08.09 20:49:44 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.09 20:49:44 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.09 20:49:44 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.23 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG_UI] C:\VirProgramme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PlusService] D:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [TkBellExe] D:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE1E89D2-8880-4C83-AF43-6140EFFF87DC}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\hgg.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\hgg.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.25 11:55:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\zdata\cobi.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (DfSDKBt) O34 - HKLM BootExecute: (C:\VirProgramme\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.31 13:22:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\fantasy\Desktop\OTL.exe [2012.10.30 08:34:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\Helloween [2012.10.29 18:33:07 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\fantasy\Recent [2012.10.29 12:01:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\TrojanHunter [2012.10.29 11:11:59 | 000,000,000 | ---D | C] -- D:\Programme\Panda Security [2012.10.29 11:11:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Panda Security [2012.10.29 09:57:17 | 000,000,000 | ---D | C] -- D:\Programme\TrojanHunter 5.5 [2012.10.28 18:22:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2012.10.28 18:08:58 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\81635874.sys [2012.10.28 16:31:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy-PizzaParty [2012.10.28 12:55:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ANNO 1503 [2012.10.28 12:44:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\ANNOUPDATES [2012.10.27 20:46:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\AVG2013 [2012.10.27 19:36:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\TuneUp Software [2012.10.27 19:36:00 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.10.27 19:35:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013 [2012.10.27 19:33:31 | 000,000,000 | ---D | C] -- C:\VirProgramme [2012.10.27 19:31:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2012.10.27 19:31:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\Avg2013 [2012.10.27 19:31:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\MFAData [2012.10.27 19:31:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2012.10.27 19:13:31 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys [2012.10.27 19:12:51 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.4c79.deleteme [2012.10.27 19:12:39 | 000,000,000 | ---D | C] -- D:\Programme\stinger [2012.10.27 14:58:06 | 000,708,960 | ---- | C] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\GetSystemInfo4.exe [2012.10.27 14:57:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2012.10.27 13:48:12 | 004,153,784 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\kavremover__1_345.exe [2012.10.27 10:26:12 | 004,870,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\kavremover.exe [2012.10.23 14:48:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\selbstgemalt [2012.10.23 12:51:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\NeueBilder [2012.10.19 15:35:41 | 000,000,000 | ---D | C] -- D:\Programme\Mozilla Firefox [2012.10.15 17:25:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Sahmon Games [2012.10.15 17:17:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScreenSeven [2012.10.15 17:04:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium [2012.10.15 17:01:04 | 000,000,000 | ---D | C] -- D:\Programme\OXXOGames [2012.10.05 11:47:34 | 000,000,000 | ---D | C] -- D:\Programme\directx [2012.10.05 11:46:53 | 000,000,000 | ---D | C] -- D:\Programme\ANNO 1602 Königsedition [2012.10.05 02:26:22 | 000,093,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2012.10.02 02:30:38 | 000,159,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.31 13:22:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\fantasy\Desktop\OTL.exe [2012.10.31 13:21:49 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\defogger_reenable [2012.10.31 13:20:50 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Defogger.exe [2012.10.31 13:00:29 | 000,013,750 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.31 13:00:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.29 14:02:55 | 000,070,027 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\ulib.rar [2012.10.29 11:16:18 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1935655697-682003330-1005.job [2012.10.29 11:16:18 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1935655697-682003330-1005.job [2012.10.29 11:12:11 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Panda Cloud Cleaner.lnk [2012.10.29 09:57:29 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll [2012.10.29 09:43:46 | 500,617,704 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien.rar [2012.10.28 19:33:36 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.10.28 19:33:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.10.28 19:31:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\avgui.INI [2012.10.28 19:09:26 | 000,597,348 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.28 19:09:26 | 000,571,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.28 19:09:26 | 000,132,648 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.28 19:09:26 | 000,114,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.28 18:11:06 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys [2012.10.28 16:23:31 | 000,000,653 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Notepad++Portable.exe.lnk [2012.10.27 19:36:44 | 000,000,701 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk [2012.10.27 19:12:49 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.4c79.deleteme [2012.10.27 18:09:14 | 000,000,636 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\ANNO 1503 spielen.lnk [2012.10.27 14:57:50 | 000,231,046 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\getsysteminfo4.zip [2012.10.27 13:48:22 | 004,153,784 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\kavremover__1_345.exe [2012.10.27 10:22:28 | 004,870,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\kavremover.exe [2012.10.27 10:06:08 | 000,000,471 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Gemeinsamer Ordner für Sichere Umgebung.lnk [2012.10.23 13:31:05 | 000,002,104 | R--- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\MeControlXXLUserTile.jpg [2012.10.21 16:15:39 | 000,002,089 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2012.10.21 10:20:02 | 000,001,150 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Disneys Der Schatzplanet Schlacht auf Prokion spielen.lnk [2012.10.21 10:20:02 | 000,000,541 | ---- | M] () -- C:\WINDOWS\Disney.ini [2012.10.21 10:14:07 | 000,000,195 | ---- | M] () -- C:\WINDOWS\disneysy.ini [2012.10.19 11:14:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\81635874.sys [2012.10.18 15:58:50 | 000,023,395 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\Picture 4.jpg [2012.10.15 17:09:05 | 000,000,667 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GAME CENTER.lnk [2012.10.14 12:07:48 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\anno_trn.exe.lnk [2012.10.11 20:03:07 | 000,093,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\photothumb.db [2012.10.07 16:14:45 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\1602Edit.exe.lnk [2012.10.07 16:14:35 | 000,000,678 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\1602.exe.lnk [2012.10.07 15:43:03 | 000,000,257 | -HS- | M] () -- C:\boot.ini [2012.10.05 02:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2012.10.02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.31 13:21:49 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\defogger_reenable [2012.10.31 13:21:13 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Defogger.exe [2012.10.29 14:02:55 | 000,070,027 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\ulib.rar [2012.10.29 11:12:11 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Panda Cloud Cleaner.lnk [2012.10.29 09:57:17 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll [2012.10.28 19:20:40 | 500,617,704 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien.rar [2012.10.28 16:23:31 | 000,000,653 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Notepad++Portable.exe.lnk [2012.10.28 12:00:51 | 000,000,636 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\ANNO 1503 spielen.lnk [2012.10.27 21:45:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI [2012.10.27 19:36:44 | 000,000,701 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk [2012.10.27 14:57:53 | 000,231,046 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\getsysteminfo4.zip [2012.10.27 10:06:08 | 000,000,471 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Gemeinsamer Ordner für Sichere Umgebung.lnk [2012.10.23 13:32:40 | 000,002,104 | R--- | C] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\MeControlXXLUserTile.jpg [2012.10.21 10:20:02 | 000,001,150 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Disneys Der Schatzplanet Schlacht auf Prokion spielen.lnk [2012.10.21 10:20:02 | 000,000,541 | ---- | C] () -- C:\WINDOWS\Disney.ini [2012.10.21 10:14:07 | 000,000,195 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2012.10.15 17:04:39 | 000,000,667 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GAME CENTER.lnk [2012.10.14 12:07:48 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\anno_trn.exe.lnk [2012.10.07 16:14:45 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\1602Edit.exe.lnk [2012.10.07 16:14:35 | 000,000,678 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\1602.exe.lnk [2012.09.13 08:22:34 | 000,113,391 | ---- | C] () -- C:\WINDOWS\hpoins07.dat [2012.09.13 08:22:34 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat [2012.09.12 16:31:50 | 000,113,417 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp [2012.09.12 16:31:49 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp [2012.09.12 16:30:14 | 000,071,497 | ---- | C] () -- C:\WINDOWS\hpqins01.dat [2012.09.03 15:06:24 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2012.09.03 15:06:23 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2012.09.02 17:20:06 | 000,004,216 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\rx_audio.Cache [2012.09.01 11:18:33 | 000,124,161 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\VideoPad.dmp [2012.08.13 14:38:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini [2012.08.13 14:38:25 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini [2012.03.12 23:39:22 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2011.12.07 19:07:14 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\path [2011.12.01 00:45:31 | 000,512,968 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-796845957-1935655697-682003330-1005-0.dat [2011.12.01 00:45:31 | 000,238,422 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.11.27 17:01:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.11.17 18:52:57 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini [2011.11.17 18:51:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2011.11.17 17:49:43 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini [2011.11.17 17:36:02 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2011.11.01 16:19:54 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2011.11.01 16:19:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2011.11.01 11:57:41 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\rx_image.Cache [2011.10.30 11:53:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2011.10.26 18:00:56 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.10.26 08:48:18 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011.10.25 20:39:08 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\winscp.rnd [2011.10.25 18:05:49 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.10.25 18:02:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.10.25 17:07:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2011.10.25 16:57:41 | 000,087,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.10.25 15:06:57 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2011.10.25 15:06:57 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.10.25 13:00:27 | 000,043,520 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.25 12:43:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.10.25 12:42:48 | 000,352,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.25 12:03:47 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2011.10.25 12:01:43 | 000,005,252 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.10.25 12:01:42 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.10.25 11:56:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.10.25 11:53:00 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2011.10.25 14:03:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\verloreneträumepuuzleteil.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\verloreneträume.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\hgg.bmp:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\hg.bmp:Roxio EMC Stream < End of report > Code:
ATTFilter OTL Extras logfile created on: 31.10.2012 13:24:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\fantasy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 71,93% Memory free
4,59 Gb Paging File | 3,89 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 75,78 Gb Total Space | 33,45 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 67,16 Gb Total Space | 36,33 Gb Free Space | 54,10% Space Free | Partition Type: NTFS
Drive E: | 89,95 Gb Total Space | 27,33 Gb Free Space | 30,39% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 4,07 Gb Free Space | 93,01% Space Free | Partition Type: UDF2.00
Computer Name: FANTASY-CD380D2 | User Name: fantasy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- D:\Programme\Safari\Safari.exe (Apple Inc.)
.js [@ = JSFile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "D:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "D:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "D:\Programme\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OpenAsAWebSite] -- D:\Programme\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Programme\Windows Live\Messenger\wlcsdk.exe" = D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Programme\Windows Live\Messenger\msnmsgr.exe" = D:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Gemeinsame Dateien\AOL\Loader\aolload.exe" = D:\Programme\Gemeinsame Dateien\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- (AOL LLC)
"D:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = D:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"D:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = D:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = D:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hposid01.exe" = D:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = D:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = D:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- (Hewlett-Packard)
"D:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = D:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
"D:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = D:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe -- ()
"D:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = D:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)
"D:\Programme\Windows Live\Messenger\wlcsdk.exe" = D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"D:\Programme\Windows Live\Messenger\msnmsgr.exe" = D:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = D:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\VirProgramme\AVG\AVG2013\avgnsx.exe" = C:\VirProgramme\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\VirProgramme\AVG\AVG2013\avgdiagex.exe" = C:\VirProgramme\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG-Diagnose 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\VirProgramme\AVG\AVG2013\avgmfapx.exe" = C:\VirProgramme\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\VirProgramme\AVG\AVG2013\avgemcx.exe" = C:\VirProgramme\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-Mail-Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{21E7A706-31FF-46AA-A294-FA4A8917B59F}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2CE77981-14DE-4773-8106-27C9C964720C}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{4133D8A2-2148-4B50-BBF9-0465B1AAACB0}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools - DEU
"{433E2032-D3E0-46FF-BAA4-0976F333C1E4}" = IIS 7.5 Express
"{465DE3B1-1207-4BBA-828A-0F3ABED81603}" = Disneys Der Schatzplanet: Schlacht auf Prokion
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56A8151B-D1B0-4FEE-86BD-14A777F9E73E}" = AVG 2013
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.3.7
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{66313DF7-25A0-46FD-A618-9A682891AF73}" = Roxio WinOnCD 9
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FC0FD9-BA3D-45B0-88AF-C39B4121A070}" = MP3Find pro V5.02
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{794D0801-770F-4F68-AD07-67C03BFD4A46}" = WebMatrixInstaller_DE_x86
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBFE52EF-59DB-4E56-BD6A-3788F7261A33}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update - DEU
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E2B99809-4BDF-43E8-BECD-C6C54B6673A2}" = Microsoft WebMatrix
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDFEED02-FEB3-4E98-BAFF-69450C8E2703}" = UltraEdit 15.20
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7-Zip" = 7-Zip 9.20
"Abenteuer von Luxor" = Abenteuer von Luxor
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_6" = AIM
"AllDup_is1" = AllDup 3.3.14
"Annabel" = Annabel
"appsmaker_optimalpc_is1" = appsmaker OptimalPC
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AVG" = AVG 2013
"Azteca" = Azteca
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"CobBackup8" = Cobian Backup 8
"DeKnop_is1" = DeKnop 5.0
"Der Stein der Weisen" = Der Stein der Weisen
"DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post
"Diamantenfee 2" = Diamantenfee 2
"Diamond Drop 2" = Diamond Drop 2
"DivX Setup" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Farm Frenzy 2" = Farm Frenzy 2
"FarmFrenzy Pizza Party" = FarmFrenzy Pizza Party
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.2.1125
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.2.1125
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Geheime Fälle: Die gestohlene Venus" = Geheime Fälle: Die gestohlene Venus
"Holly im Wunderland" = Holly im Wunderland
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 3.0
"Luxor Amun Rising with Luxor" = Luxor Amun Rising with Luxor
"lvdrivers_11.80" = Logitech QuickCam-Treiberpaket
"Marble Pop 3D" = Marble Pop 3D
"MediaMonkey_is1" = MediaMonkey 3.2
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"MixPad" = MixPad Audiodatei-Mixer
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OutlookExpressDatensicherung" = OEBackup - Outlook Express Datensicherung (Testversion)
"Pearl Poppers" = Pearl Poppers
"PhotoScape" = PhotoScape
"PhotoStage" = PhotoStage Slideshow Producer
"PirateVille" = PirateVille
"Prism" = Prism Videodatei-Konverter
"RealPlayer 12.0" = RealPlayer
"SAM3" = SAM3 (remove only)
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sprill" = Sprill
"Spur der Träume" = Spur der Träume
"SuperCopier2" = SuperCopier2
"TUGZip_is1" = TUGZip 3.5
"VideoPad" = VideoPad Videobearbeitungs-Software
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Audiobearbeitungs-Software
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World Voyage" = World Voyage
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.09.2012 11:34:59 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:37:44 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:39:32 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:39:54 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:40:21 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:41:16 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:41:25 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:42:17 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:44:15 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:44:23 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
[ System Events ]
Error - 28.10.2012 14:04:58 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:01:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:01:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:45:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:45:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:45:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst LiveShare
P2P Server 9.
Error - 29.10.2012 10:52:05 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:52:05 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 31.10.2012 08:01:13 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 31.10.2012 08:01:13 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
< End of report >
__________________ |
|
31.10.2012, 13:41
| #4 |
| | Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern ups...doppeltgepostet....muß mich an eure forenart gewöhnen als erstes mal vielen dank für die promte und schnelle antwort. crossposting gibt es bei mir nicht...ich weiß wie nervig und iritierend das werden kann, zudem suche ich mir ein forum aus, das sich in den threads als zimlich als kompetent anhört*g* außerdem bin ich ein sehr folgsamer mensch und mache das was mir "experten" raten, sonst würd ich mich nich an solche wenden.... so nun mal eins nach dem anderen... also ich habe mir den defogger auf den desctop geladen, wie geraten, habe den nach anweisung gestartet, in der defogger disable log steht eigentlich nichts drin, nur das: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:25 on 31/10/2012 (fantasy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
2. der OTL hat wie gesagt zwei datein ausgegeben die erste nennt sich OTL.txt Code:
ATTFilter OTL logfile created on: 31.10.2012 13:24:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\fantasy\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 71,93% Memory free 4,59 Gb Paging File | 3,89 Gb Available in Paging File | 84,75% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 75,78 Gb Total Space | 33,45 Gb Free Space | 44,14% Space Free | Partition Type: NTFS Drive D: | 67,16 Gb Total Space | 36,33 Gb Free Space | 54,10% Space Free | Partition Type: NTFS Drive E: | 89,95 Gb Total Space | 27,33 Gb Free Space | 30,39% Space Free | Partition Type: NTFS Drive F: | 4,38 Gb Total Space | 4,07 Gb Free Space | 93,01% Space Free | Partition Type: UDF2.00 Computer Name: FANTASY-CD380D2 | User Name: fantasy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\fantasy\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\VirProgramme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\VirProgramme\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - D:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - D:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - D:\Programme\Gemeinsame Dateien\OptimalSuite Common\AMDSrv.exe (appsmaker) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Modules (No Company Name) ========== MOD - D:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () MOD - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - D:\Programme\Yuna Software\Messenger Plus!\Detour32.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\WINDOWS\system32\DLAAPI_W.DLL () ========== Services (SafeList) ========== SRV - (SQLAgent$SQLEXPRESS) -- File not found SRV - (MSSQLServerADHelper100) -- File not found SRV - (MSSQL$SQLEXPRESS) -- File not found SRV - (MozillaMaintenance) -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avgwd) -- C:\VirProgramme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\VirProgramme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (JavaQuickStarterService) -- D:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (Apache2.2) -- E:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (mysql) -- E:\xampp\mysql\bin\mysqld.exe () SRV - (FileZilla Server) -- E:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project) SRV - (SpeedBoosterSvc) -- D:\Programme\Gemeinsame Dateien\OptimalSuite Common\BoostService.exe (appsmaker) SRV - (AMOptimalDiskService) -- D:\Programme\Gemeinsame Dateien\OptimalSuite Common\AMDSrv.exe (appsmaker) SRV - (DfSdkS) -- D:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany) SRV - (LVPrcSrv) -- D:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- D:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (CobBMService) -- D:\Programme\Cobian Backup 8\cbService.exe (Luis Cobian) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (RoxLiveShare9) -- D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions) SRV - (RoxMediaDB9) -- D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions) SRV - (RoxWatch9) -- D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 9) -- D:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions) SRV - (Roxio Upnp Server 9) -- D:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions) SRV - (stllssvr) -- D:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (IDriverT) -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\7C.tmp File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (81635874) -- C:\WINDOWS\system32\drivers\81635874.sys (Kaspersky Lab ZAO) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (RsFx0105) -- C:\WINDOWS\system32\drivers\RsFx0105.sys (Microsoft Corporation) DRV - (HSPADataCardusbser) -- C:\WINDOWS\system32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbnmea) -- C:\WINDOWS\system32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbmdm) -- C:\WINDOWS\system32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated) DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated) DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Sonic Solutions) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Sonic Solutions) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.travianer.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s IE - HKCU\..\SearchScopes,DefaultScope = {32A098B3-D9FA-4824-AB79-DF27D7C2E7DF} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{32A098B3-D9FA-4824-AB79-DF27D7C2E7DF}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\..\SearchScopes\{33A09ABC-D2D4-4C9B-BA26-3FCB582BDAC7}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{54055704-1A21-4727-92DC-244EC076F5A3}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{55ADD2A9-8054-4622-8CA0-DB1F29B55FE6}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.travianer.de" FF - prefs.js..extensions.enabledAddons: compatibility@addons.mozilla.org:1.1 FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.6.1 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6 FF - prefs.js..network.proxy.type: 4 FF - user.js..browser.search.openintab: false FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: D:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: D:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: D:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: D:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: D:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.25 19:41:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.11 15:53:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: D:\Programme\congstar\Internetmanager\Bin\addon [2010.04.01 13:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.10.19 15:36:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.10.19 15:35:55 | 000,000,000 | ---D | M] [2011.10.25 18:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Extensions [2012.10.26 11:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions [2011.11.17 14:57:03 | 000,000,000 | ---D | M] (HP Detect) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2011.12.07 12:57:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.19 21:41:07 | 000,164,722 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions\compatibility@addons.mozilla.org.xpi [2012.10.26 11:38:48 | 002,042,937 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Mozilla\Firefox\Profiles\252wuhgh.default\extensions\firebug@software.joehewitt.com.xpi [2012.10.27 10:29:26 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions [2011.12.06 15:09:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.10.19 15:36:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- D:\Programme\mozilla firefox\components\browsercomps.dll [2012.08.09 20:49:44 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.28 18:50:52 | 000,002,465 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\bing.xml [2012.08.09 20:49:44 | 000,001,153 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.08.09 20:49:44 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.09 20:49:44 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.09 20:49:44 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.23 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG_UI] C:\VirProgramme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PlusService] D:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [TkBellExe] D:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE1E89D2-8880-4C83-AF43-6140EFFF87DC}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\hgg.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\hgg.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.25 11:55:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\zdata\cobi.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (DfSDKBt) O34 - HKLM BootExecute: (C:\VirProgramme\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.31 13:22:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\fantasy\Desktop\OTL.exe [2012.10.30 08:34:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\Helloween [2012.10.29 18:33:07 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\fantasy\Recent [2012.10.29 12:01:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\TrojanHunter [2012.10.29 11:11:59 | 000,000,000 | ---D | C] -- D:\Programme\Panda Security [2012.10.29 11:11:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Panda Security [2012.10.29 09:57:17 | 000,000,000 | ---D | C] -- D:\Programme\TrojanHunter 5.5 [2012.10.28 18:22:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2012.10.28 18:08:58 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\81635874.sys [2012.10.28 16:31:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy-PizzaParty [2012.10.28 12:55:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ANNO 1503 [2012.10.28 12:44:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\ANNOUPDATES [2012.10.27 20:46:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\AVG2013 [2012.10.27 19:36:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\TuneUp Software [2012.10.27 19:36:00 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.10.27 19:35:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013 [2012.10.27 19:33:31 | 000,000,000 | ---D | C] -- C:\VirProgramme [2012.10.27 19:31:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2012.10.27 19:31:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\Avg2013 [2012.10.27 19:31:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\MFAData [2012.10.27 19:31:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2012.10.27 19:13:31 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys [2012.10.27 19:12:51 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.4c79.deleteme [2012.10.27 19:12:39 | 000,000,000 | ---D | C] -- D:\Programme\stinger [2012.10.27 14:58:06 | 000,708,960 | ---- | C] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\GetSystemInfo4.exe [2012.10.27 14:57:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab [2012.10.27 13:48:12 | 004,153,784 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\kavremover__1_345.exe [2012.10.27 10:26:12 | 004,870,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\kavremover.exe [2012.10.23 14:48:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\selbstgemalt [2012.10.23 12:51:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\NeueBilder [2012.10.19 15:35:41 | 000,000,000 | ---D | C] -- D:\Programme\Mozilla Firefox [2012.10.15 17:25:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\Sahmon Games [2012.10.15 17:17:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScreenSeven [2012.10.15 17:04:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium [2012.10.15 17:01:04 | 000,000,000 | ---D | C] -- D:\Programme\OXXOGames [2012.10.05 11:47:34 | 000,000,000 | ---D | C] -- D:\Programme\directx [2012.10.05 11:46:53 | 000,000,000 | ---D | C] -- D:\Programme\ANNO 1602 Königsedition [2012.10.05 02:26:22 | 000,093,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2012.10.02 02:30:38 | 000,159,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.31 13:22:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\fantasy\Desktop\OTL.exe [2012.10.31 13:21:49 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\defogger_reenable [2012.10.31 13:20:50 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Defogger.exe [2012.10.31 13:00:29 | 000,013,750 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.31 13:00:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.29 14:02:55 | 000,070,027 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\ulib.rar [2012.10.29 11:16:18 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1935655697-682003330-1005.job [2012.10.29 11:16:18 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1935655697-682003330-1005.job [2012.10.29 11:12:11 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Panda Cloud Cleaner.lnk [2012.10.29 09:57:29 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll [2012.10.29 09:43:46 | 500,617,704 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien.rar [2012.10.28 19:33:36 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.10.28 19:33:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.10.28 19:31:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\avgui.INI [2012.10.28 19:09:26 | 000,597,348 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.28 19:09:26 | 000,571,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.28 19:09:26 | 000,132,648 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.28 19:09:26 | 000,114,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.28 18:11:06 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys [2012.10.28 16:23:31 | 000,000,653 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Notepad++Portable.exe.lnk [2012.10.27 19:36:44 | 000,000,701 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk [2012.10.27 19:12:49 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.4c79.deleteme [2012.10.27 18:09:14 | 000,000,636 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\ANNO 1503 spielen.lnk [2012.10.27 14:57:50 | 000,231,046 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\getsysteminfo4.zip [2012.10.27 13:48:22 | 004,153,784 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\kavremover__1_345.exe [2012.10.27 10:22:28 | 004,870,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\kavremover.exe [2012.10.27 10:06:08 | 000,000,471 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Gemeinsamer Ordner für Sichere Umgebung.lnk [2012.10.23 13:31:05 | 000,002,104 | R--- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\MeControlXXLUserTile.jpg [2012.10.21 16:15:39 | 000,002,089 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2012.10.21 10:20:02 | 000,001,150 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Disneys Der Schatzplanet Schlacht auf Prokion spielen.lnk [2012.10.21 10:20:02 | 000,000,541 | ---- | M] () -- C:\WINDOWS\Disney.ini [2012.10.21 10:14:07 | 000,000,195 | ---- | M] () -- C:\WINDOWS\disneysy.ini [2012.10.19 11:14:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\81635874.sys [2012.10.18 15:58:50 | 000,023,395 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\Picture 4.jpg [2012.10.15 17:09:05 | 000,000,667 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GAME CENTER.lnk [2012.10.14 12:07:48 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\anno_trn.exe.lnk [2012.10.11 20:03:07 | 000,093,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\photothumb.db [2012.10.07 16:14:45 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\1602Edit.exe.lnk [2012.10.07 16:14:35 | 000,000,678 | ---- | M] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\1602.exe.lnk [2012.10.07 15:43:03 | 000,000,257 | -HS- | M] () -- C:\boot.ini [2012.10.05 02:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2012.10.02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.31 13:21:49 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\defogger_reenable [2012.10.31 13:21:13 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Defogger.exe [2012.10.29 14:02:55 | 000,070,027 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\ulib.rar [2012.10.29 11:12:11 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Panda Cloud Cleaner.lnk [2012.10.29 09:57:17 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll [2012.10.28 19:20:40 | 500,617,704 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien.rar [2012.10.28 16:23:31 | 000,000,653 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Notepad++Portable.exe.lnk [2012.10.28 12:00:51 | 000,000,636 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\ANNO 1503 spielen.lnk [2012.10.27 21:45:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI [2012.10.27 19:36:44 | 000,000,701 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk [2012.10.27 14:57:53 | 000,231,046 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\getsysteminfo4.zip [2012.10.27 10:06:08 | 000,000,471 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\Gemeinsamer Ordner für Sichere Umgebung.lnk [2012.10.23 13:32:40 | 000,002,104 | R--- | C] () -- C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\MeControlXXLUserTile.jpg [2012.10.21 10:20:02 | 000,001,150 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Disneys Der Schatzplanet Schlacht auf Prokion spielen.lnk [2012.10.21 10:20:02 | 000,000,541 | ---- | C] () -- C:\WINDOWS\Disney.ini [2012.10.21 10:14:07 | 000,000,195 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2012.10.15 17:04:39 | 000,000,667 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GAME CENTER.lnk [2012.10.14 12:07:48 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\anno_trn.exe.lnk [2012.10.07 16:14:45 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\1602Edit.exe.lnk [2012.10.07 16:14:35 | 000,000,678 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Desktop\1602.exe.lnk [2012.09.13 08:22:34 | 000,113,391 | ---- | C] () -- C:\WINDOWS\hpoins07.dat [2012.09.13 08:22:34 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat [2012.09.12 16:31:50 | 000,113,417 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp [2012.09.12 16:31:49 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp [2012.09.12 16:30:14 | 000,071,497 | ---- | C] () -- C:\WINDOWS\hpqins01.dat [2012.09.03 15:06:24 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2012.09.03 15:06:23 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2012.09.02 17:20:06 | 000,004,216 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\rx_audio.Cache [2012.09.01 11:18:33 | 000,124,161 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\VideoPad.dmp [2012.08.13 14:38:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini [2012.08.13 14:38:25 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini [2012.03.12 23:39:22 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2011.12.07 19:07:14 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\path [2011.12.01 00:45:31 | 000,512,968 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-796845957-1935655697-682003330-1005-0.dat [2011.12.01 00:45:31 | 000,238,422 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.11.27 17:01:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.11.17 18:52:57 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini [2011.11.17 18:51:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2011.11.17 17:49:43 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini [2011.11.17 17:36:02 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2011.11.01 16:19:54 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2011.11.01 16:19:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2011.11.01 11:57:41 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\rx_image.Cache [2011.10.30 11:53:32 | 000,000,472 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2011.10.26 18:00:56 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.10.26 08:48:18 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011.10.25 20:39:08 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Anwendungsdaten\winscp.rnd [2011.10.25 18:05:49 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.10.25 18:02:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.10.25 17:07:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2011.10.25 16:57:41 | 000,087,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.10.25 15:06:57 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2011.10.25 15:06:57 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.10.25 13:00:27 | 000,043,520 | ---- | C] () -- C:\Dokumente und Einstellungen\fantasy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.25 12:43:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.10.25 12:42:48 | 000,352,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.25 12:03:47 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2011.10.25 12:01:43 | 000,005,252 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.10.25 12:01:42 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.10.25 11:56:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.10.25 11:53:00 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2011.10.25 14:03:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\verloreneträumepuuzleteil.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\verloreneträume.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\hgg.bmp:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\fantasy\Eigene Dateien\hg.bmp:Roxio EMC Stream < End of report > Code:
ATTFilter OTL Extras logfile created on: 31.10.2012 13:24:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\fantasy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 71,93% Memory free
4,59 Gb Paging File | 3,89 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 75,78 Gb Total Space | 33,45 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 67,16 Gb Total Space | 36,33 Gb Free Space | 54,10% Space Free | Partition Type: NTFS
Drive E: | 89,95 Gb Total Space | 27,33 Gb Free Space | 30,39% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 4,07 Gb Free Space | 93,01% Space Free | Partition Type: UDF2.00
Computer Name: FANTASY-CD380D2 | User Name: fantasy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- D:\Programme\Safari\Safari.exe (Apple Inc.)
.js [@ = JSFile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "D:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "D:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "D:\Programme\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Programme\MediaMonkey\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OpenAsAWebSite] -- D:\Programme\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Programme\Windows Live\Messenger\wlcsdk.exe" = D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Programme\Windows Live\Messenger\msnmsgr.exe" = D:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Gemeinsame Dateien\AOL\Loader\aolload.exe" = D:\Programme\Gemeinsame Dateien\AOL\Loader\aolload.exe:*:Disabled:AOL Loader -- (AOL LLC)
"D:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = D:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"D:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = D:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = D:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hposid01.exe" = D:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = D:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = D:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- (Hewlett-Packard)
"D:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = D:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
"D:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = D:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe -- ()
"D:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = D:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe -- (Hewlett-Packard Co.)
"D:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = D:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)
"D:\Programme\Windows Live\Messenger\wlcsdk.exe" = D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"D:\Programme\Windows Live\Messenger\msnmsgr.exe" = D:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = D:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\VirProgramme\AVG\AVG2013\avgnsx.exe" = C:\VirProgramme\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\VirProgramme\AVG\AVG2013\avgdiagex.exe" = C:\VirProgramme\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG-Diagnose 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\VirProgramme\AVG\AVG2013\avgmfapx.exe" = C:\VirProgramme\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\VirProgramme\AVG\AVG2013\avgemcx.exe" = C:\VirProgramme\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-Mail-Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{21E7A706-31FF-46AA-A294-FA4A8917B59F}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2CE77981-14DE-4773-8106-27C9C964720C}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools - DEU
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{4133D8A2-2148-4B50-BBF9-0465B1AAACB0}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools - DEU
"{433E2032-D3E0-46FF-BAA4-0976F333C1E4}" = IIS 7.5 Express
"{465DE3B1-1207-4BBA-828A-0F3ABED81603}" = Disneys Der Schatzplanet: Schlacht auf Prokion
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56A8151B-D1B0-4FEE-86BD-14A777F9E73E}" = AVG 2013
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.3.7
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{66313DF7-25A0-46FD-A618-9A682891AF73}" = Roxio WinOnCD 9
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FC0FD9-BA3D-45B0-88AF-C39B4121A070}" = MP3Find pro V5.02
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{794D0801-770F-4F68-AD07-67C03BFD4A46}" = WebMatrixInstaller_DE_x86
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBFE52EF-59DB-4E56-BD6A-3788F7261A33}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update - DEU
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E2B99809-4BDF-43E8-BECD-C6C54B6673A2}" = Microsoft WebMatrix
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDFEED02-FEB3-4E98-BAFF-69450C8E2703}" = UltraEdit 15.20
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7-Zip" = 7-Zip 9.20
"Abenteuer von Luxor" = Abenteuer von Luxor
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_6" = AIM
"AllDup_is1" = AllDup 3.3.14
"Annabel" = Annabel
"appsmaker_optimalpc_is1" = appsmaker OptimalPC
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AVG" = AVG 2013
"Azteca" = Azteca
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"CobBackup8" = Cobian Backup 8
"DeKnop_is1" = DeKnop 5.0
"Der Stein der Weisen" = Der Stein der Weisen
"DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post
"Diamantenfee 2" = Diamantenfee 2
"Diamond Drop 2" = Diamond Drop 2
"DivX Setup" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Farm Frenzy 2" = Farm Frenzy 2
"FarmFrenzy Pizza Party" = FarmFrenzy Pizza Party
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.2.1125
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.2.1125
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Geheime Fälle: Die gestohlene Venus" = Geheime Fälle: Die gestohlene Venus
"Holly im Wunderland" = Holly im Wunderland
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 3.0
"Luxor Amun Rising with Luxor" = Luxor Amun Rising with Luxor
"lvdrivers_11.80" = Logitech QuickCam-Treiberpaket
"Marble Pop 3D" = Marble Pop 3D
"MediaMonkey_is1" = MediaMonkey 3.2
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"MixPad" = MixPad Audiodatei-Mixer
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OutlookExpressDatensicherung" = OEBackup - Outlook Express Datensicherung (Testversion)
"Pearl Poppers" = Pearl Poppers
"PhotoScape" = PhotoScape
"PhotoStage" = PhotoStage Slideshow Producer
"PirateVille" = PirateVille
"Prism" = Prism Videodatei-Konverter
"RealPlayer 12.0" = RealPlayer
"SAM3" = SAM3 (remove only)
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sprill" = Sprill
"Spur der Träume" = Spur der Träume
"SuperCopier2" = SuperCopier2
"TUGZip_is1" = TUGZip 3.5
"VideoPad" = VideoPad Videobearbeitungs-Software
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Audiobearbeitungs-Software
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World Voyage" = World Voyage
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.09.2012 11:34:59 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:37:44 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:39:32 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:39:54 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:40:21 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:41:16 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:41:25 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:42:17 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:44:15 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
Error - 12.09.2012 11:44:23 | Computer Name = FANTASY-CD380D2 | Source = MsiInstaller | ID = 11706
Description =
[ System Events ]
Error - 28.10.2012 14:04:58 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:01:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:01:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:45:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:45:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:45:38 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst LiveShare
P2P Server 9.
Error - 29.10.2012 10:52:05 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 29.10.2012 10:52:05 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 31.10.2012 08:01:13 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 31.10.2012 08:01:13 | Computer Name = FANTASY-CD380D2 | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
< End of report >
__________________ wer nen fehler findet darf ihn behalten, aber bitte beachten: 3xtgl. mit tipex füttern sonst melde ich es dem fehlkerschutzbund Geändert von fantasy (31.10.2012 um 13:43 Uhr) Grund: bitte um löschung des doppelposts... |
|
31.10.2012, 13:47
| #5 |
| /// Malwareteam | Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern Schritt 1: Gmer Bitte
Schritt 2: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
31.10.2012, 15:48
| #6 |
| | Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern der scan vom GMER dauert noch etwas...aber ne frage zwischen reingeworfen... soll ich die log vom GMER auch posten?
__________________ --> Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern |
|
31.10.2012, 15:58
| #7 |
| /// Malwareteam | Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern Na sowas, da fehlt eine Zeile. Ja, bitte auch posten!
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
31.10.2012, 18:28
| #8 |
| | Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern hmmm...der scan dauert wohl noch ewig, weiß nich wann der fertig ist und wie lang jemand da ist.... so hier mal die log vom GMER: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-31 20:51:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10 MAXTOR_STM3250310AS rev.4.AAA
Running: oji1tvy2.exe; Driver: C:\DOKUME~1\fantasy\LOKALE~1\Temp\kfqdifoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB727E14A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB727E21A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB727DD7C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0xB727DF6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0xB727E000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB727DE32]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB727DECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB727E09C]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB99D5360, 0x30ACA7, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB5C1C300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF77F7300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text D:\Programme\Real\RealPlayer\update\realsched.exe[1764] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 280A7750 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 280A75B0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 280A7530 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 280A7800 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 280A7630 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 280A7870 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 280A6D70 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 280A76C0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 280A6870 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 280A68D0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!GetWindowLongW 7E3688A6 7 Bytes JMP 280AEB40 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 280AA080 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 280AE0F0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 280AE240 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280AE890 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 280A91E0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 280AE190 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 280AEA10 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 280AE470 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 280AA7A0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 280B6EC0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] WS2_32.dll!send 71A14C27 5 Bytes JMP 280B6B80 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 280B69D0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] WS2_32.dll!recv 71A1676F 5 Bytes JMP 280B68A0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 280B6CF0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] SHELL32.dll!Shell_NotifyIconW 7E6DA537 5 Bytes JMP 280A8540 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] ole32.dll!CoCreateInstance 774CF1AC 5 Bytes JMP 280A7E50 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] ole32.dll!CoInitializeEx 774D1473 5 Bytes JMP 280A7AD0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] ole32.dll!CoRegisterClassObject 774E79C0 5 Bytes JMP 280A7BD0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 280B5A40 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 280B5B80 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] WININET.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 280B58E0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text D:\Programme\Windows Live\Messenger\msnmsgr.exe[1988] WININET.dll!HttpSendRequestA 408DEE91 5 Bytes JMP 280B5AE0 D:\Programme\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.sys (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter 21:05:51.0296 2420 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:05:51.0312 2420 ============================================================
21:05:51.0312 2420 Current date / time: 2012/10/31 21:05:51.0312
21:05:51.0312 2420 SystemInfo:
21:05:51.0312 2420
21:05:51.0312 2420 OS Version: 5.1.2600 ServicePack: 3.0
21:05:51.0312 2420 Product type: Workstation
21:05:51.0312 2420 ComputerName: FANTASY-CD380D2
21:05:51.0312 2420 UserName: fantasy
21:05:51.0312 2420 Windows directory: C:\WINDOWS
21:05:51.0312 2420 System windows directory: C:\WINDOWS
21:05:51.0312 2420 Processor architecture: Intel x86
21:05:51.0312 2420 Number of processors: 1
21:05:51.0312 2420 Page size: 0x1000
21:05:51.0312 2420 Boot type: Normal boot
21:05:51.0312 2420 ============================================================
21:05:52.0687 2420 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x339E3, SectorsPerTrack: 0x23, TracksPerCylinder: 0x42, Type 'K0', Flags 0x00000054
21:05:52.0687 2420 ============================================================
21:05:52.0687 2420 \Device\Harddisk0\DR0:
21:05:52.0687 2420 MBR partitions:
21:05:52.0687 2420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x864F800
21:05:52.0687 2420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8650000, BlocksNum 0x9791000
21:05:52.0687 2420 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11DE1000, BlocksNum 0xB3E47DA
21:05:52.0687 2420 ============================================================
21:05:52.0734 2420 C: <-> \Device\Harddisk0\DR0\Partition2
21:05:52.0765 2420 D: <-> \Device\Harddisk0\DR0\Partition1
21:05:52.0859 2420 E: <-> \Device\Harddisk0\DR0\Partition3
21:05:52.0859 2420 ============================================================
21:05:52.0859 2420 Initialize success
21:05:52.0859 2420 ============================================================
21:06:55.0796 1688 ============================================================
21:06:55.0796 1688 Scan started
21:06:55.0796 1688 Mode: Manual;
21:06:55.0796 1688 ============================================================
21:06:56.0140 1688 ================ Scan system memory ========================
21:06:56.0140 1688 System memory - ok
21:06:56.0156 1688 ================ Scan services =============================
21:06:56.0250 1688 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] 81635874 C:\WINDOWS\system32\DRIVERS\81635874.sys
21:06:56.0265 1688 81635874 - ok
21:06:56.0265 1688 Abiosdsk - ok
21:06:56.0281 1688 abp480n5 - ok
21:06:56.0312 1688 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:06:56.0328 1688 ACPI - ok
21:06:56.0343 1688 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:06:56.0343 1688 ACPIEC - ok
21:06:56.0359 1688 adpu160m - ok
21:06:56.0390 1688 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:06:56.0390 1688 aec - ok
21:06:56.0437 1688 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:06:56.0437 1688 AFD - ok
21:06:56.0437 1688 Aha154x - ok
21:06:56.0453 1688 aic78u2 - ok
21:06:56.0468 1688 aic78xx - ok
21:06:56.0500 1688 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:06:56.0500 1688 Alerter - ok
21:06:56.0515 1688 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
21:06:56.0515 1688 ALG - ok
21:06:56.0531 1688 AliIde - ok
21:06:56.0562 1688 [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:06:56.0562 1688 AmdK8 - ok
21:06:56.0765 1688 [ B127BAF3A33BA9940FBBEEFA4FCAED1B ] AMOptimalDiskService D:\Programme\Gemeinsame Dateien\OptimalSuite Common\AMDSrv.exe
21:06:56.0812 1688 AMOptimalDiskService - ok
21:06:56.0828 1688 amsint - ok
21:06:56.0953 1688 [ F41E453A90EF19217CEE1675F5256EE7 ] Apache2.2 E:\xampp\apache\bin\httpd.exe
21:06:56.0953 1688 Apache2.2 - ok
21:06:56.0968 1688 asc - ok
21:06:56.0968 1688 asc3350p - ok
21:06:56.0984 1688 asc3550 - ok
21:06:57.0093 1688 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:06:57.0093 1688 aspnet_state - ok
21:06:57.0125 1688 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:06:57.0125 1688 AsyncMac - ok
21:06:57.0156 1688 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:06:57.0156 1688 atapi - ok
21:06:57.0156 1688 Atdisk - ok
21:06:57.0203 1688 [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
21:06:57.0203 1688 atksgt - ok
21:06:57.0234 1688 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:06:57.0234 1688 Atmarpc - ok
21:06:57.0265 1688 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:06:57.0265 1688 AudioSrv - ok
21:06:57.0296 1688 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:06:57.0296 1688 audstub - ok
21:06:57.0515 1688 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\VirProgramme\AVG\AVG2013\avgidsagent.exe
21:06:57.0625 1688 AVGIDSAgent - ok
21:06:57.0640 1688 [ 2F47851015D8837976E481F6DAA46A67 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
21:06:57.0640 1688 AVGIDSDriver - ok
21:06:57.0671 1688 [ 303BDE0DCDC04CE597C6C1CD06C6F186 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
21:06:57.0671 1688 AVGIDSHX - ok
21:06:57.0687 1688 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
21:06:57.0687 1688 AVGIDSShim - ok
21:06:57.0718 1688 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:06:57.0718 1688 Avgldx86 - ok
21:06:57.0734 1688 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
21:06:57.0734 1688 Avglogx - ok
21:06:57.0750 1688 [ 6DF7236D3A16C8417FF72F2EB2ADD244 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:06:57.0750 1688 Avgmfx86 - ok
21:06:57.0781 1688 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:06:57.0781 1688 Avgrkx86 - ok
21:06:57.0796 1688 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:06:57.0796 1688 Avgtdix - ok
21:06:57.0828 1688 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\VirProgramme\AVG\AVG2013\avgwdsvc.exe
21:06:57.0828 1688 avgwd - ok
21:06:57.0875 1688 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:06:57.0875 1688 Beep - ok
21:06:57.0921 1688 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
21:06:57.0937 1688 BITS - ok
21:06:57.0984 1688 [ 70CD6D71FC48BBBD1385D7B35AEADECC ] BMLoad C:\WINDOWS\system32\drivers\BMLoad.sys
21:06:57.0984 1688 BMLoad - ok
21:06:58.0015 1688 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll
21:06:58.0015 1688 Browser - ok
21:06:58.0046 1688 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:06:58.0046 1688 cbidf2k - ok
21:06:58.0062 1688 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:06:58.0062 1688 CCDECODE - ok
21:06:58.0078 1688 cd20xrnt - ok
21:06:58.0093 1688 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:06:58.0109 1688 Cdaudio - ok
21:06:58.0140 1688 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:06:58.0140 1688 Cdfs - ok
21:06:58.0171 1688 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:06:58.0171 1688 Cdrom - ok
21:06:58.0171 1688 Changer - ok
21:06:58.0218 1688 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:06:58.0218 1688 CiSvc - ok
21:06:58.0234 1688 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:06:58.0234 1688 ClipSrv - ok
21:06:58.0281 1688 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:06:58.0281 1688 clr_optimization_v2.0.50727_32 - ok
21:06:58.0312 1688 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:06:58.0312 1688 clr_optimization_v4.0.30319_32 - ok
21:06:58.0328 1688 CmdIde - ok
21:06:58.0390 1688 [ C75FB47DD2857B6D8A994F7F993069AF ] CobBMService D:\Programme\Cobian Backup 8\cbService.exe
21:06:58.0406 1688 CobBMService - ok
21:06:58.0406 1688 COMSysApp - ok
21:06:58.0421 1688 Cpqarray - ok
21:06:58.0468 1688 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:06:58.0468 1688 CryptSvc - ok
21:06:58.0468 1688 dac2w2k - ok
21:06:58.0484 1688 dac960nt - ok
21:06:58.0531 1688 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:06:58.0531 1688 DcomLaunch - ok
21:06:58.0578 1688 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS D:\Programme\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
21:06:58.0593 1688 DfSdkS - ok
21:06:58.0625 1688 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:06:58.0625 1688 Dhcp - ok
21:06:58.0656 1688 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:06:58.0656 1688 Disk - ok
21:06:58.0718 1688 [ 7A1E8F722479EF934D71798AC3617ED7 ] DLABMFSM C:\WINDOWS\system32\DLA\DLABMFSM.SYS
21:06:58.0718 1688 DLABMFSM - ok
21:06:58.0734 1688 [ 2281B5C596C04645426B3771A3BD5657 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:06:58.0734 1688 DLABOIOM - ok
21:06:58.0734 1688 [ 43749294A1D9F22FE164A62C1A42919D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:06:58.0734 1688 DLACDBHM - ok
21:06:58.0765 1688 [ 5C359AE31B3386AF70CA7BDB3C5266B0 ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS
21:06:58.0765 1688 DLADResM - ok
21:06:58.0765 1688 [ E0FBAF0146BFCEEC29F31F07452DB4AD ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:06:58.0765 1688 DLAIFS_M - ok
21:06:58.0781 1688 [ D3CE0C76496A5332032399639485774F ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:06:58.0781 1688 DLAOPIOM - ok
21:06:58.0796 1688 [ FCE1882364D4C324B937A841EF9C58AC ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:06:58.0796 1688 DLAPoolM - ok
21:06:58.0796 1688 [ 14183A8EFF683EB0C1774802578ED0F4 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
21:06:58.0796 1688 DLARTL_M - ok
21:06:58.0812 1688 [ 2EF8C92AB8411589387845F58534C7D9 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:06:58.0812 1688 DLAUDFAM - ok
21:06:58.0828 1688 [ A2096FD7B5037085A3DC580E2891D2C4 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:06:58.0828 1688 DLAUDF_M - ok
21:06:58.0828 1688 dmadmin - ok
21:06:58.0859 1688 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:06:58.0875 1688 dmboot - ok
21:06:58.0890 1688 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:06:58.0890 1688 dmio - ok
21:06:58.0921 1688 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:06:58.0921 1688 dmload - ok
21:06:58.0937 1688 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:06:58.0953 1688 dmserver - ok
21:06:58.0984 1688 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:06:58.0984 1688 DMusic - ok
21:06:59.0015 1688 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:06:59.0015 1688 Dnscache - ok
21:06:59.0062 1688 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:06:59.0062 1688 Dot3svc - ok
21:06:59.0078 1688 dpti2o - ok
21:06:59.0093 1688 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:06:59.0093 1688 drmkaud - ok
21:06:59.0140 1688 [ 1FB11E1EAC27668754FD18A079CCCFB3 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
21:06:59.0140 1688 drvmcdb - ok
21:06:59.0171 1688 [ 9628DFA16B1A47615C65318F8776F233 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:06:59.0171 1688 DRVNDDM - ok
21:06:59.0203 1688 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:06:59.0203 1688 EapHost - ok
21:06:59.0234 1688 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
21:06:59.0234 1688 Eventlog - ok
21:06:59.0281 1688 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
21:06:59.0296 1688 EventSystem - ok
21:06:59.0328 1688 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:06:59.0328 1688 Fastfat - ok
21:06:59.0375 1688 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:06:59.0375 1688 FastUserSwitchingCompatibility - ok
21:06:59.0390 1688 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:06:59.0390 1688 Fdc - ok
21:06:59.0468 1688 [ BF72C20B44B85FD030AEAA721E35D512 ] FileZilla Server E:\xampp\FileZillaFTP\FileZillaServer.exe
21:06:59.0484 1688 FileZilla Server - ok
21:06:59.0500 1688 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:06:59.0500 1688 Fips - ok
21:06:59.0515 1688 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:06:59.0515 1688 Flpydisk - ok
21:06:59.0546 1688 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:06:59.0546 1688 FltMgr - ok
21:06:59.0593 1688 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:06:59.0593 1688 FontCache3.0.0.0 - ok
21:06:59.0625 1688 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:06:59.0625 1688 Fs_Rec - ok
21:06:59.0640 1688 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:06:59.0640 1688 Ftdisk - ok
21:06:59.0656 1688 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:06:59.0656 1688 Gpc - ok
21:06:59.0671 1688 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:06:59.0687 1688 HDAudBus - ok
21:06:59.0718 1688 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:06:59.0718 1688 helpsvc - ok
21:06:59.0750 1688 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
21:06:59.0750 1688 HidServ - ok
21:06:59.0765 1688 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:06:59.0765 1688 hidusb - ok
21:06:59.0796 1688 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:06:59.0796 1688 hkmsvc - ok
21:06:59.0812 1688 hpn - ok
21:06:59.0843 1688 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:06:59.0843 1688 HPZid412 - ok
21:06:59.0859 1688 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:06:59.0859 1688 HPZipr12 - ok
21:06:59.0875 1688 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:06:59.0875 1688 HPZius12 - ok
21:06:59.0906 1688 [ 69CFE473434102D3FB12DBC7FDA0D2A7 ] HSPADataCardusbmdm C:\WINDOWS\system32\DRIVERS\HSPADataCardusbmdm.sys
21:06:59.0906 1688 HSPADataCardusbmdm - ok
21:06:59.0921 1688 [ 69CFE473434102D3FB12DBC7FDA0D2A7 ] HSPADataCardusbnmea C:\WINDOWS\system32\DRIVERS\HSPADataCardusbnmea.sys
21:06:59.0921 1688 HSPADataCardusbnmea - ok
21:06:59.0937 1688 [ 69CFE473434102D3FB12DBC7FDA0D2A7 ] HSPADataCardusbser C:\WINDOWS\system32\DRIVERS\HSPADataCardusbser.sys
21:06:59.0937 1688 HSPADataCardusbser - ok
21:06:59.0984 1688 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:06:59.0984 1688 HTTP - ok
21:07:00.0015 1688 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:07:00.0015 1688 HTTPFilter - ok
21:07:00.0015 1688 i2omgmt - ok
21:07:00.0031 1688 i2omp - ok
21:07:00.0062 1688 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:07:00.0062 1688 i8042prt - ok
21:07:00.0125 1688 [ 6F95324909B502E2651442C1548AB12F ] IDriverT D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:07:00.0125 1688 IDriverT - ok
21:07:00.0187 1688 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:07:00.0203 1688 idsvc - ok
21:07:00.0250 1688 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:07:00.0250 1688 Imapi - ok
21:07:00.0296 1688 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
21:07:00.0296 1688 ImapiService - ok
21:07:00.0312 1688 ini910u - ok
21:07:00.0453 1688 [ 19D3781892A3794672CD1962F3D8D3B8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:07:00.0500 1688 IntcAzAudAddService - ok
21:07:00.0500 1688 IntelIde - ok
21:07:00.0546 1688 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:07:00.0546 1688 Ip6Fw - ok
21:07:00.0578 1688 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:07:00.0578 1688 IpFilterDriver - ok
21:07:00.0593 1688 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:07:00.0593 1688 IpInIp - ok
21:07:00.0625 1688 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:07:00.0625 1688 IpNat - ok
21:07:00.0640 1688 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:07:00.0640 1688 IPSec - ok
21:07:00.0671 1688 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:07:00.0671 1688 IRENUM - ok
21:07:00.0687 1688 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:07:00.0703 1688 isapnp - ok
21:07:00.0765 1688 [ 92E16F5D034E7864DA308BA6309A98B7 ] JavaQuickStarterService D:\Programme\Java\jre7\bin\jqs.exe
21:07:00.0765 1688 JavaQuickStarterService - ok
21:07:00.0812 1688 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:07:00.0812 1688 Kbdclass - ok
21:07:00.0859 1688 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:07:00.0859 1688 kbdhid - ok
21:07:00.0890 1688 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:07:00.0906 1688 kmixer - ok
21:07:00.0937 1688 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:07:00.0937 1688 KSecDD - ok
21:07:00.0968 1688 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:07:00.0968 1688 lanmanserver - ok
21:07:01.0015 1688 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:07:01.0015 1688 lanmanworkstation - ok
21:07:01.0031 1688 lbrtfdc - ok
21:07:01.0078 1688 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
21:07:01.0078 1688 lirsgt - ok
21:07:01.0109 1688 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:07:01.0109 1688 LmHosts - ok
21:07:01.0171 1688 [ 38440FE1A65B1FE3D246C5C4CAD22F53 ] LVCOMSer D:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
21:07:01.0187 1688 LVCOMSer - ok
21:07:01.0218 1688 [ A6919138F29AE45E90E99FA94737E04C ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
21:07:01.0218 1688 LVPr2Mon - ok
21:07:01.0250 1688 [ 28BD0E4B6C050B591B8CB35B9AD284E6 ] LVPrcSrv D:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
21:07:01.0250 1688 LVPrcSrv - ok
21:07:01.0281 1688 [ B895839B8743E400D7C7DAE156F74E7E ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
21:07:01.0296 1688 LVRS - ok
21:07:01.0328 1688 [ 23F8EF78BB9553E465A476F3CEE5CA18 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
21:07:01.0343 1688 LVUSBSta - ok
21:07:01.0359 1688 [ D5673785903639D186DC345FF86F423F ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
21:07:01.0375 1688 massfilter - ok
21:07:01.0375 1688 MEMSWEEP2 - ok
21:07:01.0406 1688 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:07:01.0421 1688 mnmdd - ok
21:07:01.0453 1688 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:07:01.0453 1688 mnmsrvc - ok
21:07:01.0468 1688 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:07:01.0468 1688 Modem - ok
21:07:01.0500 1688 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:07:01.0500 1688 Mouclass - ok
21:07:01.0515 1688 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:07:01.0515 1688 mouhid - ok
21:07:01.0531 1688 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:07:01.0531 1688 MountMgr - ok
21:07:01.0578 1688 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:07:01.0578 1688 MozillaMaintenance - ok
21:07:01.0593 1688 mraid35x - ok
21:07:01.0609 1688 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:07:01.0609 1688 MRxDAV - ok
21:07:01.0671 1688 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:07:01.0671 1688 MRxSmb - ok
21:07:01.0687 1688 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:07:01.0687 1688 MSDTC - ok
21:07:01.0718 1688 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:07:01.0718 1688 Msfs - ok
21:07:01.0718 1688 MSIServer - ok
21:07:01.0734 1688 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:07:01.0734 1688 MSKSSRV - ok
21:07:01.0750 1688 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:07:01.0765 1688 MSPCLOCK - ok
21:07:01.0781 1688 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:07:01.0781 1688 MSPQM - ok
21:07:01.0796 1688 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:07:01.0796 1688 mssmbios - ok
21:07:01.0812 1688 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:07:01.0828 1688 MSTEE - ok
21:07:01.0843 1688 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:07:01.0843 1688 Mup - ok
21:07:01.0890 1688 mysql - ok
21:07:01.0921 1688 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:07:01.0921 1688 NABTSFEC - ok
21:07:01.0953 1688 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
21:07:01.0968 1688 napagent - ok
21:07:01.0984 1688 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:07:02.0000 1688 NDIS - ok
21:07:02.0015 1688 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:07:02.0015 1688 NdisIP - ok
21:07:02.0046 1688 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:07:02.0046 1688 NdisTapi - ok
21:07:02.0062 1688 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:07:02.0062 1688 Ndisuio - ok
21:07:02.0062 1688 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:07:02.0078 1688 NdisWan - ok
21:07:02.0109 1688 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:07:02.0109 1688 NDProxy - ok
21:07:02.0156 1688 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:07:02.0156 1688 NetBIOS - ok
21:07:02.0203 1688 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:07:02.0203 1688 NetBT - ok
21:07:02.0234 1688 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
21:07:02.0234 1688 NetDDE - ok
21:07:02.0250 1688 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:07:02.0250 1688 NetDDEdsdm - ok
21:07:02.0281 1688 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:07:02.0281 1688 Netlogon - ok
21:07:02.0312 1688 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
21:07:02.0328 1688 Netman - ok
21:07:02.0359 1688 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:07:02.0359 1688 NetTcpPortSharing - ok
21:07:02.0390 1688 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
21:07:02.0390 1688 Nla - ok
21:07:02.0406 1688 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:07:02.0406 1688 Npfs - ok
21:07:02.0453 1688 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:07:02.0453 1688 Ntfs - ok
21:07:02.0468 1688 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:07:02.0468 1688 NtLmSsp - ok
21:07:02.0531 1688 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:07:02.0531 1688 NtmsSvc - ok
21:07:02.0562 1688 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:07:02.0562 1688 Null - ok
21:07:02.0750 1688 [ 430F3783943C61B1CD7010FE84DF3674 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:07:02.0796 1688 nv - ok
21:07:02.0843 1688 [ 70217A23470F4BB4C8FB4ABE06813081 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:07:02.0843 1688 NVENETFD - ok
21:07:02.0859 1688 [ BE8513730653384939A4D2D977C81027 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:07:02.0859 1688 nvnetbus - ok
21:07:02.0859 1688 [ 03DBB885DEAE94F06C06EC06ACDB8B47 ] nvsmu C:\WINDOWS\system32\DRIVERS\nvsmu.sys
21:07:02.0859 1688 nvsmu - ok
21:07:02.0890 1688 [ B9E3304492D817B2D5BC0FFD18F18512 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
21:07:02.0890 1688 NVSvc - ok
21:07:02.0906 1688 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:07:02.0906 1688 NwlnkFlt - ok
21:07:02.0937 1688 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:07:02.0937 1688 NwlnkFwd - ok
21:07:02.0984 1688 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:07:02.0984 1688 ose - ok
21:07:03.0015 1688 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:07:03.0015 1688 Parport - ok
21:07:03.0046 1688 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:07:03.0046 1688 PartMgr - ok
21:07:03.0093 1688 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:07:03.0093 1688 ParVdm - ok
21:07:03.0109 1688 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:07:03.0109 1688 PCI - ok
21:07:03.0125 1688 PCIDump - ok
21:07:03.0140 1688 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:07:03.0140 1688 PCIIde - ok
21:07:03.0171 1688 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:07:03.0171 1688 Pcmcia - ok
21:07:03.0187 1688 PDCOMP - ok
21:07:03.0203 1688 PDFRAME - ok
21:07:03.0203 1688 PDRELI - ok
21:07:03.0218 1688 PDRFRAME - ok
21:07:03.0234 1688 [ A05F0D7419CF4680EEDD5736E6549E7B ] pepifilter C:\WINDOWS\system32\DRIVERS\lv302af.sys
21:07:03.0234 1688 pepifilter - ok
21:07:03.0250 1688 perc2 - ok
21:07:03.0250 1688 perc2hib - ok
21:07:03.0359 1688 [ 4BB5AC2DD485B8EEFCCB977EE66A68AD ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
21:07:03.0406 1688 PID_PEPI - ok
21:07:03.0421 1688 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
21:07:03.0437 1688 PlugPlay - ok
21:07:03.0468 1688 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
21:07:03.0468 1688 Pml Driver HPZ12 - ok
21:07:03.0484 1688 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:07:03.0484 1688 PolicyAgent - ok
21:07:03.0531 1688 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:07:03.0531 1688 PptpMiniport - ok
21:07:03.0546 1688 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:07:03.0546 1688 Processor - ok
21:07:03.0562 1688 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:07:03.0562 1688 ProtectedStorage - ok
21:07:03.0562 1688 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:07:03.0578 1688 PSched - ok
21:07:03.0593 1688 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:07:03.0593 1688 Ptilink - ok
21:07:03.0640 1688 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:07:03.0640 1688 PxHelp20 - ok
21:07:03.0656 1688 ql1080 - ok
21:07:03.0671 1688 Ql10wnt - ok
21:07:03.0671 1688 ql12160 - ok
21:07:03.0687 1688 ql1240 - ok
21:07:03.0687 1688 ql1280 - ok
21:07:03.0718 1688 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:07:03.0718 1688 RasAcd - ok
21:07:03.0750 1688 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:07:03.0750 1688 RasAuto - ok
21:07:03.0781 1688 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:07:03.0781 1688 Rasl2tp - ok
21:07:03.0812 1688 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:07:03.0812 1688 RasMan - ok
21:07:03.0828 1688 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:07:03.0828 1688 RasPppoe - ok
21:07:03.0859 1688 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:07:03.0859 1688 Raspti - ok
21:07:03.0875 1688 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:07:03.0875 1688 Rdbss - ok
21:07:03.0890 1688 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:07:03.0890 1688 RDPCDD - ok
21:07:03.0937 1688 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:07:03.0937 1688 RDPWD - ok
21:07:03.0968 1688 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:07:03.0984 1688 RDSessMgr - ok
21:07:04.0000 1688 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:07:04.0000 1688 redbook - ok
21:07:04.0031 1688 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:07:04.0046 1688 RemoteAccess - ok
21:07:04.0078 1688 [ A189A928896F240FE5247BE60623FC07 ] Roxio UPnP Renderer 9 D:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe
21:07:04.0078 1688 Roxio UPnP Renderer 9 - ok
21:07:04.0125 1688 [ FDD632F943F2650EE7928FF6841CB6B2 ] Roxio Upnp Server 9 D:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUpnpService9.exe
21:07:04.0125 1688 Roxio Upnp Server 9 - ok
21:07:04.0203 1688 [ A6A0C81E275AE2EBA46DDE1216A9E557 ] RoxLiveShare9 D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
21:07:04.0203 1688 RoxLiveShare9 - ok
21:07:04.0250 1688 [ B3868BB4948D1F6579FA1906C038424E ] RoxMediaDB9 D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
21:07:04.0281 1688 RoxMediaDB9 - ok
21:07:04.0296 1688 [ 3C2449D45AEDE29B06050557EFA2F5E1 ] RoxWatch9 D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
21:07:04.0296 1688 RoxWatch9 - ok
21:07:04.0328 1688 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:07:04.0328 1688 RpcLocator - ok
21:07:04.0375 1688 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:07:04.0375 1688 RpcSs - ok
21:07:04.0421 1688 [ 6A7360E36CBD636972AEEF0DD292A946 ] RsFx0105 C:\WINDOWS\system32\DRIVERS\RsFx0105.sys
21:07:04.0421 1688 RsFx0105 - ok
21:07:04.0468 1688 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:07:04.0468 1688 RSVP - ok
21:07:04.0484 1688 [ 78F204F3A885DE987D41B12F9BB8DFFB ] RxFilter C:\WINDOWS\system32\DRIVERS\RxFilter.sys
21:07:04.0500 1688 RxFilter - ok
21:07:04.0515 1688 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
21:07:04.0515 1688 SamSs - ok
21:07:04.0546 1688 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:07:04.0562 1688 SCardSvr - ok
21:07:04.0593 1688 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:07:04.0593 1688 Schedule - ok
21:07:04.0625 1688 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:07:04.0625 1688 Secdrv - ok
21:07:04.0656 1688 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
21:07:04.0656 1688 seclogon - ok
21:07:04.0656 1688 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
21:07:04.0671 1688 SENS - ok
21:07:04.0687 1688 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:07:04.0687 1688 serenum - ok
21:07:04.0734 1688 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:07:04.0734 1688 Serial - ok
21:07:04.0765 1688 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:07:04.0781 1688 Sfloppy - ok
21:07:04.0812 1688 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:07:04.0812 1688 SharedAccess - ok
21:07:04.0843 1688 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:07:04.0843 1688 ShellHWDetection - ok
21:07:04.0859 1688 Simbad - ok
21:07:04.0875 1688 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:07:04.0875 1688 SLIP - ok
21:07:04.0890 1688 Sparrow - ok
21:07:04.0984 1688 [ 46E3C063672F7BC5878866549A0E58E1 ] SpeedBoosterSvc D:\Programme\Gemeinsame Dateien\OptimalSuite Common\BoostService.exe
21:07:05.0031 1688 SpeedBoosterSvc - ok
21:07:05.0062 1688 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:07:05.0062 1688 splitter - ok
21:07:05.0109 1688 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:07:05.0109 1688 Spooler - ok
21:07:05.0140 1688 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:07:05.0140 1688 sr - ok
21:07:05.0171 1688 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
21:07:05.0187 1688 srservice - ok
21:07:05.0203 1688 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:07:05.0218 1688 Srv - ok
21:07:05.0234 1688 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:07:05.0234 1688 SSDPSRV - ok
21:07:05.0265 1688 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:07:05.0281 1688 stisvc - ok
21:07:05.0312 1688 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr D:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
21:07:05.0312 1688 stllssvr - ok
21:07:05.0359 1688 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:07:05.0359 1688 streamip - ok
21:07:05.0375 1688 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:07:05.0375 1688 swenum - ok
21:07:05.0390 1688 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:07:05.0390 1688 swmidi - ok
21:07:05.0406 1688 SwPrv - ok
21:07:05.0421 1688 symc810 - ok
21:07:05.0421 1688 symc8xx - ok
21:07:05.0437 1688 sym_hi - ok
21:07:05.0453 1688 sym_u3 - ok
21:07:05.0468 1688 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:07:05.0468 1688 sysaudio - ok
21:07:05.0500 1688 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:07:05.0500 1688 SysmonLog - ok
21:07:05.0515 1688 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:07:05.0531 1688 TapiSrv - ok
21:07:05.0562 1688 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:07:05.0562 1688 Tcpip - ok
21:07:05.0578 1688 [ 74905EBCBB8CBDB1F3C0B1778BBCB4BC ] tcpipBM C:\WINDOWS\system32\drivers\tcpipBM.sys
21:07:05.0578 1688 tcpipBM - ok
21:07:05.0609 1688 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:07:05.0609 1688 TDPIPE - ok
21:07:05.0640 1688 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:07:05.0640 1688 TDTCP - ok
21:07:05.0656 1688 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:07:05.0656 1688 TermDD - ok
21:07:05.0687 1688 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
21:07:05.0703 1688 TermService - ok
21:07:05.0718 1688 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:07:05.0734 1688 Themes - ok
21:07:05.0734 1688 TosIde - ok
21:07:05.0765 1688 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:07:05.0765 1688 TrkWks - ok
21:07:05.0796 1688 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:07:05.0796 1688 Udfs - ok
21:07:05.0812 1688 ultra - ok
21:07:05.0859 1688 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:07:05.0859 1688 Update - ok
21:07:05.0890 1688 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:07:05.0906 1688 upnphost - ok
21:07:05.0921 1688 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
21:07:05.0921 1688 UPS - ok
21:07:05.0953 1688 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:07:05.0953 1688 usbaudio - ok
21:07:05.0968 1688 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:07:05.0968 1688 usbccgp - ok
21:07:06.0000 1688 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:07:06.0000 1688 usbehci - ok
21:07:06.0015 1688 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:07:06.0015 1688 usbhub - ok
21:07:06.0031 1688 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:07:06.0031 1688 usbohci - ok
21:07:06.0046 1688 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:07:06.0046 1688 usbprint - ok
21:07:06.0062 1688 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:07:06.0078 1688 usbscan - ok
21:07:06.0093 1688 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:07:06.0093 1688 USBSTOR - ok
21:07:06.0125 1688 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:07:06.0125 1688 VgaSave - ok
21:07:06.0125 1688 ViaIde - ok
21:07:06.0171 1688 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:07:06.0171 1688 VolSnap - ok
21:07:06.0203 1688 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
21:07:06.0218 1688 VSS - ok
21:07:06.0234 1688 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
21:07:06.0250 1688 W32Time - ok
21:07:06.0265 1688 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:07:06.0265 1688 Wanarp - ok
21:07:06.0281 1688 WDICA - ok
21:07:06.0296 1688 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:07:06.0296 1688 wdmaud - ok
21:07:06.0343 1688 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:07:06.0343 1688 WebClient - ok
21:07:06.0421 1688 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:07:06.0421 1688 winmgmt - ok
21:07:06.0468 1688 [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
21:07:06.0500 1688 WinRM - ok
21:07:06.0546 1688 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:07:06.0546 1688 WmdmPmSN - ok
21:07:06.0578 1688 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:07:06.0578 1688 WmiAcpi - ok
21:07:06.0625 1688 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:07:06.0625 1688 WmiApSrv - ok
21:07:06.0687 1688 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc D:\Programme\Windows Media Player\WMPNetwk.exe
21:07:06.0718 1688 WMPNetworkSvc - ok
21:07:06.0750 1688 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:07:06.0750 1688 WpdUsb - ok
21:07:06.0812 1688 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:07:06.0828 1688 WPFFontCache_v0400 - ok
21:07:06.0859 1688 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:07:06.0859 1688 wscsvc - ok
21:07:06.0875 1688 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:07:06.0875 1688 WSTCODEC - ok
21:07:06.0890 1688 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:07:06.0906 1688 wuauserv - ok
21:07:06.0921 1688 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:07:06.0921 1688 WudfPf - ok
21:07:06.0953 1688 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:07:06.0953 1688 WudfRd - ok
21:07:06.0984 1688 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:07:06.0984 1688 WudfSvc - ok
21:07:07.0031 1688 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:07:07.0046 1688 WZCSVC - ok
21:07:07.0078 1688 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:07:07.0093 1688 xmlprov - ok
21:07:07.0109 1688 ================ Scan global ===============================
21:07:07.0140 1688 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:07:07.0156 1688 [ 77A50BBD2A1CD6D54A876BB63570E2A8 ] C:\WINDOWS\system32\winsrv.dll
21:07:07.0187 1688 [ 77A50BBD2A1CD6D54A876BB63570E2A8 ] C:\WINDOWS\system32\winsrv.dll
21:07:07.0203 1688 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:07:07.0218 1688 [Global] - ok
21:07:07.0218 1688 ================ Scan MBR ==================================
21:07:07.0234 1688 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
21:07:07.0375 1688 \Device\Harddisk0\DR0 - ok
21:07:07.0375 1688 ================ Scan VBR ==================================
21:07:07.0406 1688 [ 7F075CC97832AC92173B3B581F354664 ] \Device\Harddisk0\DR0\Partition1
21:07:07.0406 1688 \Device\Harddisk0\DR0\Partition1 - ok
21:07:07.0406 1688 [ 645D4BF87D33984E3CC405958F6C2886 ] \Device\Harddisk0\DR0\Partition2
21:07:07.0406 1688 \Device\Harddisk0\DR0\Partition2 - ok
21:07:07.0437 1688 [ FBFBBC8DABE3DEDCE002B104A0A7206A ] \Device\Harddisk0\DR0\Partition3
21:07:07.0437 1688 \Device\Harddisk0\DR0\Partition3 - ok
21:07:07.0437 1688 ============================================================
21:07:07.0437 1688 Scan finished
21:07:07.0437 1688 ============================================================
21:07:07.0453 2556 Detected object count: 0
21:07:07.0453 2556 Actual detected object count: 0
__________________ wer nen fehler findet darf ihn behalten, aber bitte beachten: 3xtgl. mit tipex füttern sonst melde ich es dem fehlkerschutzbund |
|
02.11.2012, 18:11
| #9 |
| | Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern na toll also hab jetzt ne meldung, das ich 8 infizierte datein habe wovon unteranderem zwei hijacker sein sollen...verzweifle schon, da ich das system nicht neu aufsetzen will, da ich mit diesem pc arbeite und nicht alle programme ständig neu einstellen will....
__________________ wer nen fehler findet darf ihn behalten, aber bitte beachten: 3xtgl. mit tipex füttern sonst melde ich es dem fehlkerschutzbund |
|
05.11.2012, 14:22
| #10 |
| /// Malwareteam | Seltsame Meldungen von angeblichen Virenschutzprogrammen die mich doch verunsichern Combofix Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
Hybrid-Darstellung
