|
Plagegeister aller Art und deren Bekämpfung: Lufthansa Spam - Anhang geöffnetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.12.2012, 20:44 | #1 |
| Lufthansa Spam - Anhang geöffnet Hallo, ich habe etwas in geistiger Umnachtung den Anhang einer solchen hier schon mehrmals erwähnten Lufthansa Spam Mail geöffnet. Es ist daraufhin nichts passiert und ich war erstmal nur sehr skeptisch, als ich daraufhin mit Rechtsklick gesehen habe, dass es eine Anwendung ist. Ich kann seitdem immernoch nichts weiter berichten, aber da ich heute doch mal eine Suchmaschine benutzt habe und gleich so viele Hinweise auf einen Trojaner kamen, habe ich mit Avira einen vollständigen Scan gemacht, bei dem allerdings nichts gefunden wurde... Mittlerweile bin ich schon ganz verwirrt, ob ich den Anhang auf dem einen oder auf dem anderen Gerät geöffnet habe - ich bin gerade dabei, die 3 Schritte auch noch auf dem anderen Gerät durchzuführen. Da ich eben auch Online-Banking benutze, wäre es sehr nett, Hilfe von euch zu bekommen, damit ich nichts übersehe. Vielen Dank! |
19.12.2012, 20:57 | #2 | ||
/// TB-Ausbilder | Lufthansa Spam - Anhang geöffnetIch werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Gelesen und verstanden?
__________________ |
19.12.2012, 21:06 | #3 |
| Lufthansa Spam - Anhang geöffnet Hab alles gelesen, was soll ich als erstes machen?
__________________Tut mir leid, dass ich die Log-Dateien gezippt habe, hab es erst in einen Kommentar gepackt und da wurde es mir als zu groß angezeigt...nun nochmal wie beschrieben und aufgeteilt, zweiter Versuch OTL.txt Code:
ATTFilter OTL logfile created on: 19.12.2012 20:12:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,60 Gb Total Physical Memory | 4,75 Gb Available Physical Memory | 62,44% Memory free 15,21 Gb Paging File | 12,28 Gb Available in Paging File | 80,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 679,59 Gb Total Space | 493,75 Gb Free Space | 72,65% Space Free | Partition Type: NTFS Drive D: | 448,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 603,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Q: | 17,58 Gb Total Space | 4,08 Gb Free Space | 23,23% Space Free | Partition Type: NTFS Drive S: | 1,46 Gb Total Space | 1,11 Gb Free Space | 75,47% Space Free | Partition Type: NTFS Computer Name: CHRISTINA-THINK | User Name: Christina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.19 20:00:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe PRC - [2012.12.11 13:29:50 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 13:29:14 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.11 13:29:13 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.10.10 21:27:58 | 004,276,488 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe PRC - [2012.10.10 21:27:04 | 000,050,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2012.08.08 13:40:54 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.04.11 22:16:00 | 000,128,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2012.04.10 17:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe PRC - [2012.04.10 17:42:54 | 000,283,984 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe PRC - [2012.04.10 17:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2012.04.10 17:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe PRC - [2012.04.10 04:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe PRC - [2012.03.20 10:16:08 | 000,247,872 | ---- | M] () -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE PRC - [2012.03.06 23:49:18 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.03.06 23:49:16 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.03.06 23:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.03.06 23:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.24 10:53:10 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe PRC - [2012.02.21 18:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.02.21 18:55:22 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012.02.21 18:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.02.21 18:55:16 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2012.01.25 08:44:56 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2012.01.17 07:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe PRC - [2012.01.04 20:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.12.29 11:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011.12.24 16:19:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.12.22 20:37:14 | 000,145,224 | ---- | M] (AuthenTec Inc.) -- C:\Programme\AuthenTec TrueSuite\x86\BioMonitor.exe PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2011.01.07 05:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe PRC - [2011.01.05 10:09:52 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2008.01.10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll MOD - [2012.11.15 03:49:29 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\791ea4e71e86a0a99695a5de8dc0293d\UIAutomationProvider.ni.dll MOD - [2012.11.15 03:49:27 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\3a22463ff5ea82aca46118514b66f595\PresentationFramework-SystemXml.ni.dll MOD - [2012.11.15 03:06:11 | 018,514,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\95d80d60f6cf752f4b3ebfea4b9e048b\PresentationFramework.ni.dll MOD - [2012.11.15 03:06:02 | 010,899,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9a25eeaaff0cb93fd1fd5e71d1197f8c\PresentationCore.ni.dll MOD - [2012.11.15 03:05:56 | 003,919,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\660dfbde20b15c030feaee98dff22e9a\WindowsBase.ni.dll MOD - [2012.11.15 03:05:55 | 001,877,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f5aa4fa575818da2d2368078278f6914\System.Xaml.ni.dll MOD - [2012.11.15 03:05:54 | 000,460,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\5e778f0315618bce54af337923a2878e\PresentationFramework.Aero.ni.dll MOD - [2012.11.15 03:04:57 | 012,698,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9bdb4c79a92cdb8367e7cde8a0a03b6b\System.Windows.Forms.ni.dll MOD - [2012.11.15 03:04:51 | 007,556,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\35f91452ffac1c2ad949cbcddc0f7029\System.Xml.ni.dll MOD - [2012.11.15 03:04:51 | 007,012,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5f887ad283c6d2af0d9b1c97448f8700\System.Core.ni.dll MOD - [2012.11.15 03:04:51 | 000,706,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\e35df6a0700f63274de2917f7568c5ad\System.Security.ni.dll MOD - [2012.11.15 03:04:51 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\d80f88821a1a7b9478ed67f394c097e5\System.Configuration.Install.ni.dll MOD - [2012.11.15 03:04:50 | 000,957,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4ea1417fc47ade8a1ae468ba28aa80c3\System.Configuration.ni.dll MOD - [2012.11.15 03:04:48 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\22c13f914390c478c451cd8bc214a967\System.ServiceProcess.ni.dll MOD - [2012.11.15 03:04:47 | 001,629,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4bb175e41e813de377127a4b3bd367dd\System.Drawing.ni.dll MOD - [2012.11.15 03:04:46 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\9e9466fbb29aa10c27e12167f9acbeae\System.Management.ni.dll MOD - [2012.11.15 03:04:44 | 009,924,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\b7b5f1e6013d835cf4edb4acc40ce5dc\System.ni.dll MOD - [2012.08.19 10:48:18 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0f9f7c59ea8dec7b05254ed444849190\UIAutomationTypes.ni.dll MOD - [2012.08.18 12:11:26 | 016,531,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bcee5d59d5cc1be6caddd114461e60b6\mscorlib.ni.dll MOD - [2012.08.08 13:40:54 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe MOD - [2011.12.22 20:37:18 | 000,823,112 | ---- | M] () -- C:\Programme\AuthenTec TrueSuite\x86\DataManager.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.02.29 07:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2011.12.28 21:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2010.12.17 09:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV - [2012.12.11 13:29:50 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 13:29:14 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.06 13:35:09 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.10 21:27:04 | 000,050,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (intelsba) SRV - [2012.09.27 21:49:52 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2012.08.08 13:43:35 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Christina\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.08.08 13:40:54 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.18 19:07:26 | 000,127,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012.05.18 18:24:50 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2012.04.30 17:17:38 | 000,104,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.04.11 22:16:00 | 001,665,088 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2012.04.11 22:16:00 | 001,662,528 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2012.04.10 17:43:00 | 000,175,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM) SRV - [2012.04.10 17:42:50 | 000,061,264 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV - [2012.04.10 17:42:36 | 000,058,192 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV - [2012.04.10 04:41:54 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService) SRV - [2012.03.20 10:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE -- (ICQ Service) SRV - [2012.03.06 23:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.03.06 23:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.03.06 23:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.03.06 23:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.02.26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.02.26 04:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.02.26 04:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.02.21 18:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.02.21 18:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012.02.21 18:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.02.11 07:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2012.02.09 08:10:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.02 13:28:32 | 000,145,472 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc) SRV - [2012.01.17 15:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.01.17 07:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService) SRV - [2012.01.09 11:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.12.29 11:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011.12.24 16:19:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.12.22 20:36:54 | 000,313,672 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\AuthenTec TrueSuite\TrueSuiteService.exe -- (FPLService) SRV - [2011.11.09 19:11:05 | 008,447,848 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService) SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.07.12 08:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 08:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.01.07 05:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.01.10 11:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 13:29:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 13:29:59 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.01 20:21:36 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2012.08.01 16:10:24 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2012.07.07 04:17:55 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock) DRV:64bit: - [2012.07.04 12:48:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis) DRV:64bit: - [2012.07.03 10:58:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetadb.sys -- (andnetadb) DRV:64bit: - [2012.07.03 10:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem) DRV:64bit: - [2012.07.03 10:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag) DRV:64bit: - [2012.06.05 15:03:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.06.05 05:04:14 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2012.04.11 22:16:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012.04.02 05:40:50 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.02.29 07:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2012.02.20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.02.16 15:19:42 | 000,216,064 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2012.02.14 11:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.02.01 21:52:02 | 014,659,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.01.31 06:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2012.01.04 20:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.04 20:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.04 20:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.12.28 21:48:24 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2011.12.28 21:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2011.12.26 10:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.12.24 16:19:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.12.23 13:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.12.20 16:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.12.20 16:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.12.08 21:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.08 21:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.12.07 17:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd) DRV:64bit: - [2011.12.06 12:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.30 10:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.11.30 10:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.11.10 10:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.27 03:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.23 13:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.29 11:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.03.30 00:47:50 | 000,071,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV - [2012.01.30 19:40:02 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.icq.com/hxxp://www.l [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{19B18DFD-177B-4C0C-831D-77C1D1090209}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=c8cc37f2-b6b1-40d6-8949-3fe437e990bd&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{41C06AC0-2D3B-4290-B294-E8254570FBBC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=c8cc37f2-b6b1-40d6-8949-3fe437e990bd&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=c8cc37f2-b6b1-40d6-8949-3fe437e990bd&pid=murb&k=0 IE - HKCU\..\SearchScopes\{6941D4A6-3489-4577-9CB4-F436A74E44D5}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=c8cc37f2-b6b1-40d6-8949-3fe437e990bd&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENP_en IE - HKCU\..\SearchScopes\{6E980DB9-51D2-4FAC-BCAA-7288E1F2A02E}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=c8cc37f2-b6b1-40d6-8949-3fe437e990bd&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{9A42A883-D7E4-4103-B402-EE844E11E14F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=c8cc37f2-b6b1-40d6-8949-3fe437e990bd&pid=murb&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{E422A7A5-DA7C-4E2B-8F68-919B2A8682D7}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=c8cc37f2-b6b1-40d6-8949-3fe437e990bd&pid=murb&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.5: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.07.06 18:58:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 10:34:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 13:34:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 13:34:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 13:34:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 13:34:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 13:34:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 13:34:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 13:34:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 13:34:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.08 13:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Extensions [2012.11.04 10:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll CHR - plugin: TrueSuite (Enabled) = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombkllfdikmoepjdpmdaiinfbjpnkboa\2.0_0\npwebsitelogon.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: AdBlock = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.52_0\ CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: Website Logon = C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombkllfdikmoepjdpmdaiinfbjpnkboa\2.0_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (TrueSuite Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Programme\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Christina\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [GoogleChromeAutoLaunch_2FF7A81396EE05703C724183058CEE0F] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBAAFF28-A05E-4C84-B3B9-F49266DB40AE}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.02.07 03:31:51 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2006.02.07 03:28:25 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2006.02.07 01:46:43 | 000,630,784 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2006.02.07 03:31:24 | 000,000,159 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O32 - Unable to obtain root file information for disk Q:\ O33 - MountPoints2\{214a8a51-07cc-11e2-9fdc-685d43927957}\Shell - "" = AutoRun O33 - MountPoints2\{214a8a51-07cc-11e2-9fdc-685d43927957}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe O33 - MountPoints2\{3746aa36-2458-11e2-8b12-685d43927957}\Shell - "" = AutoRun O33 - MountPoints2\{3746aa36-2458-11e2-8b12-685d43927957}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2006.02.07 03:28:25 | 000,700,416 | R--- | M] (Electronic Arts Inc.) O33 - MountPoints2\{d3ffe597-c78e-11e1-bbb6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d3ffe597-c78e-11e1-bbb6-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 04:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.19 20:00:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe [2012.12.09 19:11:27 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Local\{01222EB9-F55F-4089-8C62-EB190D310959} [2012.12.06 20:33:55 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\gnupg [2012.12.06 20:31:47 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GNU Privacy Guard [2012.12.06 20:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNU Privacy Guard [2012.12.06 20:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU [2012.12.06 20:15:21 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Trillian [2012.12.06 20:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian [2012.12.06 13:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.11.30 14:45:20 | 000,000,000 | ---D | C] -- C:\Users\Christina\BAföGHannover [2012.11.27 22:02:45 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.11.27 22:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.27 22:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.11.20 14:31:57 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2012.11.20 14:31:53 | 000,000,000 | ---D | C] -- C:\xampp ========== Files - Modified Within 30 Days ========== [2012.12.19 20:14:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.19 20:00:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Desktop\OTL.exe [2012.12.19 19:59:54 | 000,000,168 | ---- | M] () -- C:\Users\Christina\defogger_reenable [2012.12.19 19:58:03 | 000,050,477 | ---- | M] () -- C:\Users\Christina\Desktop\Defogger.exe [2012.12.19 17:28:09 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 17:28:09 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 17:27:20 | 001,629,038 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.19 17:27:20 | 000,702,500 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.19 17:27:20 | 000,657,298 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.19 17:27:20 | 000,150,876 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.19 17:27:20 | 000,123,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.19 17:21:41 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2012.12.19 17:21:38 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.19 17:20:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.19 17:20:16 | 1828,130,815 | -HS- | M] () -- C:\hiberfil.sys [2012.12.16 13:55:38 | 000,001,072 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.13 15:17:31 | 000,322,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.11 13:29:59 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 13:29:59 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.07 21:13:00 | 000,272,729 | ---- | M] () -- C:\Users\Christina\Documents\Hausaufgabe.pdf [2012.12.07 11:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2012.12.06 20:37:14 | 000,000,568 | ---- | M] () -- C:\Users\Christina\christina_korger@gmx.de (0x742BE8BF) rev.asc [2012.12.06 20:15:21 | 000,001,094 | ---- | M] () -- C:\Users\Christina\Desktop\Trillian.lnk [2012.11.27 22:02:45 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012.12.19 19:59:54 | 000,000,168 | ---- | C] () -- C:\Users\Christina\defogger_reenable [2012.12.19 19:57:50 | 000,050,477 | ---- | C] () -- C:\Users\Christina\Desktop\Defogger.exe [2012.12.16 13:55:38 | 000,001,072 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.07 21:12:59 | 000,272,729 | ---- | C] () -- C:\Users\Christina\Documents\Hausaufgabe.pdf [2012.12.06 20:37:08 | 000,000,568 | ---- | C] () -- C:\Users\Christina\christina_korger@gmx.de (0x742BE8BF) rev.asc [2012.12.06 20:15:21 | 000,001,124 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk [2012.12.06 20:15:21 | 000,001,094 | ---- | C] () -- C:\Users\Christina\Desktop\Trillian.lnk [2012.11.06 21:01:03 | 000,003,584 | ---- | C] () -- C:\Users\Christina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.04 11:32:17 | 000,006,464 | ---- | C] () -- C:\Users\Christina\AppData\Local\recently-used.xbel [2012.10.25 13:26:00 | 000,042,806 | ---- | C] () -- C:\Users\Christina\actionbar_style_green_theme.zip [2012.09.27 15:08:35 | 000,000,057 | ---- | C] () -- C:\Users\Christina\.gitconfig [2012.08.22 17:57:10 | 000,007,602 | ---- | C] () -- C:\Users\Christina\AppData\Local\Resmon.ResmonCfg [2012.08.17 09:46:31 | 001,649,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.04 19:15:05 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.08.04 11:56:36 | 000,000,801 | ---- | C] () -- C:\Users\Christina\Magischer Aktenkoffer.lnk [2012.08.04 11:46:00 | 000,004,725 | ---- | C] () -- C:\Users\Christina\AppData\Roaming\AbsoluteReminder.xml [2012.08.04 11:44:52 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.07.06 18:41:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll [2012.07.06 18:41:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll [2012.07.06 18:41:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll [2012.07.06 18:30:11 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.07.06 18:30:11 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.07.06 18:30:10 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.07.06 18:30:09 | 013,007,360 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.29 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1 [2012.11.01 20:24:50 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\DAEMON Tools Lite [2012.08.08 13:43:36 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\DesktopIconForAmazon [2012.12.19 17:21:30 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Dropbox [2012.10.07 21:59:05 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\DVDVideoSoft [2012.09.30 22:27:19 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.17 08:48:55 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\e-academy Inc [2012.12.06 22:18:12 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\gnupg [2012.12.18 22:24:11 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\ICQ [2012.08.08 13:41:13 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\ICQ Search [2012.08.04 11:58:02 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Leadertech [2012.08.04 11:58:37 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Lenovo [2012.08.04 11:54:41 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\LSC [2012.10.23 21:28:51 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\NuGet [2012.08.08 13:43:35 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\OCS [2012.08.30 13:56:46 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\OpenOffice.org [2012.08.08 13:43:36 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Opera [2012.08.04 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\PwrMgr [2012.12.17 00:18:10 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\SoftGrid Client [2012.09.04 09:10:31 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Telerik [2012.08.08 13:27:16 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Thunderbird [2012.08.17 09:47:16 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\TP [2012.12.06 20:20:10 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Trillian [2012.08.18 10:11:42 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Ulead Systems [2012.10.29 22:17:25 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Webocton - Scriptly ========== Purity Check ========== < End of report > |
19.12.2012, 21:07 | #4 |
| Lufthansa Spam - Anhang geöffnet EXTRAS.txt Code:
ATTFilter OTL Extras logfile created on: 19.12.2012 20:12:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christina\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,60 Gb Total Physical Memory | 4,75 Gb Available Physical Memory | 62,44% Memory free 15,21 Gb Paging File | 12,28 Gb Available in Paging File | 80,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 679,59 Gb Total Space | 493,75 Gb Free Space | 72,65% Space Free | Partition Type: NTFS Drive D: | 448,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 603,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Q: | 17,58 Gb Total Space | 4,08 Gb Free Space | 23,23% Space Free | Partition Type: NTFS Drive S: | 1,46 Gb Total Space | 1,11 Gb Free Space | 75,47% Space Free | Partition Type: NTFS Computer Name: CHRISTINA-THINK | User Name: Christina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00D40B04-8C35-46D8-BECA-359DEF590F16}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{03007328-6DB5-40A5-BBCE-136D6D075842}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{11D970F9-E657-496C-949F-6EBC9859FB2A}" = rport=137 | protocol=17 | dir=out | app=system | "{18BE769B-46CB-44A0-8F99-A1CB81194642}" = lport=rpc-epmap | protocol=6 | dir=in | name=test authoring and execution framework service (rpc endpoint mapper) | "{1A65C3A0-D91C-473F-9B54-893ABF89A3B9}" = rport=138 | protocol=17 | dir=out | app=system | "{2332532E-7A5E-4D91-8A2C-840B945D9197}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{288DBA4E-0682-4F9F-A4A3-D79057A44BA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2CEF3D26-144B-46BC-B2B5-BBDA94944A38}" = rport=139 | protocol=6 | dir=out | app=system | "{2D2E7278-51A3-41CC-8BCC-8C53B60F49CD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{36420C24-CC84-42CD-99F8-22EAB0CC3673}" = lport=10243 | protocol=6 | dir=in | app=system | "{3D027714-C717-48E9-8318-3D67BB634136}" = lport=40980 | protocol=6 | dir=in | name=test authoring and execution framework service | "{45CA6724-0508-4C43-BDCC-73A142F53129}" = lport=445 | protocol=6 | dir=in | app=system | "{47ECC765-4D62-445E-B2F4-DFB27668CFBD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4BD8D33C-DA48-400B-BBD2-DEC40D09229E}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{5CE33777-3249-4E2C-98F2-BB6CB06AB603}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{64C147B1-0D88-4135-ADB4-BA5BA079F4FF}" = lport=137 | protocol=17 | dir=in | app=system | "{67039F0D-A002-4CC4-8E8F-F196ABCB860E}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{6D1A13D0-5CE2-4E37-88F0-11DC3A4E640B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7538DBE1-D3EC-4F9A-8ADD-860384C7CA5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7A287898-50F7-4B80-8CDF-7CD549D5A541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7B66788F-9CA6-40F7-AD9F-E46242D82D02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7BB0D896-ECF0-4677-B90B-496257E843FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{84B93FAE-6230-4083-B001-130C40B2D37D}" = lport=139 | protocol=6 | dir=in | app=system | "{8A9B0739-A0E0-40DB-A4DD-B66BE834CD28}" = lport=2869 | protocol=6 | dir=in | app=system | "{9391A434-0F19-4A7A-A146-684754D8493D}" = rport=10243 | protocol=6 | dir=out | app=system | "{A3E88A7A-2770-4CC6-8FA4-D6F15D6F26CC}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{B6F78E76-8AC3-42D7-B74A-9A09F7395CF2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{BACCC869-E006-43E8-B29A-5F4A6AA888C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BB1ABBD5-D8D3-4007-AB69-D316BCD299C0}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{D1FE4E21-662C-44C6-9613-16FD5BA1E21D}" = rport=445 | protocol=6 | dir=out | app=system | "{D7A03789-138B-4112-BCE4-84DEEC9589BE}" = lport=138 | protocol=17 | dir=in | app=system | "{E366B6EE-A1B0-4C2F-B354-16FC5FF3A2A7}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe | "{F7B7233B-80FC-4BCD-B06F-29D50EF916F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FF5823FE-898A-4BD7-B48B-40FFF931D093}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CA8BAF-56F9-47D3-BEC4-02651B80E977}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{04582001-2B47-49DB-A08B-6CB4E8C89EC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{100ADACD-AB48-468A-8C21-708658E9A7D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{158E77EB-CCC1-4FE7-8A40-AB559C88A3E5}" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "{1AC7C266-CEC8-4DEA-9583-D8F40E847D09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1C6A2399-3798-4428-A1D9-7EFAB4B0610A}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{202BE88E-19CE-482F-9E84-F2E8AE5DF24F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{223DAE37-24A1-4E07-A913-E84B90AE0169}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{28F2BCD6-E4A6-4300-A14C-C66D370C95F0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{2A4AEE18-030F-43CA-A371-210E13D32FC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2EE564A5-4311-4502-8E85-0F60D5BE8A08}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{303727E8-B4AF-4647-BEA5-FDC601928287}" = protocol=17 | dir=in | app=c:\users\christina\appdata\roaming\dropbox\bin\dropbox.exe | "{320A88A9-3D34-4E91-897A-59AEBC5B91C3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{3940A1DE-E51A-4845-A820-069A2E104AE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3BDECB6F-6743-4F29-B018-AAD1CB9381A9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{3ED0E6A7-0EBD-42C5-BF9B-4387984F98AB}" = protocol=6 | dir=in | app=c:\users\christina\appdata\roaming\dropbox\bin\dropbox.exe | "{4308F5DE-5C7E-48B0-AC5F-8B961C69505E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{430C9616-7B03-42C1-871B-59F8E5910D65}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{4360D9E0-6902-4011-AF4F-A088DC2187E2}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "{508A40C6-1E25-492C-8EFB-AD1ADA4DB051}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{52722370-44F9-4517-9A19-91357142C89E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{60FA09F3-171B-4978-9E21-FADA2A9A9829}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{65C1580C-1F22-4DB4-8702-73F8F8EA41DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{694C7898-A9E3-4B3F-B203-8B68266A2ED8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{6A97B9EF-31C2-45E2-8CE9-B384E54CE5BE}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{73B6A784-E2AD-4B1A-AFAD-03FE797CE9FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7AAA4130-FAAA-47A3-BAC0-746F2D45AC61}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{7CA9F1FE-06AA-4C03-922D-13BB5C55C86C}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{8182699F-7C27-4E2B-8355-9BD0DF15A14B}" = protocol=6 | dir=out | app=system | "{8DCCFAB8-0A96-46FD-A9D6-FB87EA0D5BCF}" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "{9390B7DB-3252-4F2F-8D59-27C4D9722F7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{99679E55-5E2D-4AC8-99E9-A7046E4363F7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{9E482E84-D18B-4C15-A05F-C0B85F3235CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{B0E0EC6C-CBB6-425F-B799-14CAE082F7E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B0F92F7F-0FD9-4580-95C2-CA371F18D7BE}" = protocol=6 | dir=in | app=c:\users\christina\appdata\roaming\dropbox\bin\dropbox.exe | "{B97F8857-61CC-4419-B76B-6C07C0FEB74F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{C8DF342C-A94F-4D65-8F4C-03494434EEAA}" = protocol=17 | dir=in | app=c:\users\christina\appdata\roaming\dropbox\bin\dropbox.exe | "{CDD7F6AB-3703-41E1-A327-C04B9EF492D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CF332B1D-472B-4572-9ACB-EDA7B48BE433}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{DDFC0BCE-9E36-4715-B5EE-98B0438D52E8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{DF29D5E4-1BC7-4D65-91E1-78D66A3616E9}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{DFD74CAE-40BF-4574-8A0E-ABC89D451DD2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E5D51326-2118-4CA9-B49B-2BF79EA9EFFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ED13CA74-C6F6-4BE1-8E2E-3F08D09C3B54}" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | "{EDC6ED88-128D-45F5-935D-AE17306A0871}" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | "{F07426AB-6EE3-4A83-8882-AF217F040E4E}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "{FFE2038B-A085-4080-AA38-324EC63C8A9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{7E3595E5-D50C-4627-99F5-82C0E193370F}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{84D10B13-F455-44A2-A006-351433314AC8}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | "TCP Query User{A3D9A554-D298-469A-BEA0-D98EB24D61B3}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{EDEEA4D5-F248-41CE-BC13-90A453940E47}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{2291F17E-C632-4FC6-85F7-86BED816B81E}C:\program files (x86)\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\plugins\skypekit.exe | "UDP Query User{68AC6947-26E3-481E-8D18-BDDADDAD1EE9}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{9ECCDA99-9A5B-4364-B0C6-45D1AE49886A}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{E417FDBA-812F-4EB0-A94F-02F5F1C2D019}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom "{18646776-6EC4-32CD-8623-6A7A4A4ACDA1}" = Microsoft Visual Studio Team Foundation Server 2012 RC Storyboarding "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{227118FF-DE8C-42BF-A813-81E8B2378F5D}" = Microsoft SQL Server Compact 4.0 SP1 x64 DEU CTP1 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416037FF}" = Java(TM) 6 Update 37 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{2A5511AE-B5AF-D74E-0632-A54882E53453}" = Windows App Certification Kit Native Components "{30C8A133-BD06-35FF-9DCC-DD05E9F7C0B0}" = Visual Studio 2012 Prerequisites - DEU Language Pack "{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{3E06CDF6-FC15-3137-A625-C21A8EEAF83A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50522 "{40725531-9527-433B-8728-1E5E92986159}" = Microsoft Visual Studio 2012 IntelliTraceLoc "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}" = Microsoft SQL Server System CLR Types (x64) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{54AC5197-9CE4-4C42-B191-16F5918479EC}" = Microsoft Web Platform Installer 4.0 "{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service "{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot "{5EA8AB9C-12CF-3E07-B450-6F2CC355A2BE}" = Microsoft .NET Framework 4.5 DEU Language Pack RC "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0160370}" = Java(TM) SE Development Kit 6 Update 37 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit) "{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64) "{794E51CC-3C8A-C173-728D-103F6955B479}" = Windows Software Development Kit for Metro style Apps DirectX x64 Remote "{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client "{900A0EDC-F163-4D08-8821-8E0262181AAC}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack RC "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{992FCDC3-BE72-4AE4-A96A-7A93847F5F5B}" = Microsoft Visual Studio 2012 Performance Collection Tools RC "{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64 "{9F555291-0543-44F1-BBAE-21C0FD345B8D}" = Microsoft Web Deploy 3.0 "{A8CAC260-092D-41DA-A38F-73AF4226B021}" = Lenovo Graphics Software "{A9F9991D-6B90-3F8A-AF06-F5CE0A0AF232}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU "{AC3539BE-6ACD-3078-B521-0AC2884720F3}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}" = Microsoft SQL Server 2012 Command Line Utilities "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AE7FA348-3B1A-38A5-BC2F-A21D92260C4F}" = Microsoft Visual Studio Team Foundation Server 2012 RC Object Model Language Pack - DEU "{AF5A2906-0FBB-41B5-AADC-FB6AA12A3973}" = IIS 8.0 Express "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 290.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 290.56 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.6.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1111 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B57D4097-F2FE-4222-BA02-46C6EC8B7944}" = DisplayLink Core Software "{BC48BCD7-A221-3A93-B856-615F81DF9F4D}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{BD5A6D72-6174-32BB-AFC4-3FBAF139B634}" = Microsoft Visual C++ 2012 RC x64 Designtime - 11.0.50522 "{CF740B84-F671-35B6-9735-49C299AFB7D4}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50522 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}" = Microsoft SQL Server 2012 Management Objects (x64) "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D71B0094-AF8D-4842-92A9-D30AD9D113B5}" = Microsoft SQL Server 2012 Data-Tier App Framework "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{DF8F4026-E6DC-474C-90D2-BCE9888786F8}" = AuthenTec TrueSuite "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E195E5F3-A4EB-461D-8348-41A6653C5F44}" = Microsoft Visual Studio 2012 Performance Collection Tools RC - DEU "{E313BDBD-426C-3FC7-A085-07BA9EC6FA87}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50522 "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x64 "{E6AB5363-5B83-4F2F-8550-4B04FC0D4083}" = Visual Studio 2012 Prerequisites "{E6F5B546-C708-3CB3-953D-20AA7C6DD48C}" = Microsoft .NET Framework 4.5 RC "{E871E0CE-EE8B-D09F-F0D0-5FB5FD9BDD41}" = Windows Software Development Kit DirectX x64 Remote "{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software "{EF18EF0F-96D3-4A6B-9600-2197F1720A15}" = Microsoft SQL Server 2012 Express LocalDB "{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap "{FA522C2E-3BD1-33FD-870D-9D2EEF218BEA}" = Microsoft Visual Studio Team Foundation Server 2012 RC Object Model "{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86 "{FE7033F9-F662-3CEF-892A-2B8D28086D8D}" = Microsoft Visual Studio Team Foundation Server 2012 RC Storyboarding Language Pack - DEU "64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) "76052A6680822C2132A1EB4E64568F3C9591560E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "DesktopIconAmazon" = Desktop Icon für Amazon "E3535F123E7F666D573665142F90D3E5004DC326" = Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) "GIMP-2_is1" = GIMP 2.8.2 "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "SearchAnonymizer" = SearchAnonymizer "SynTPDeinstKey" = ThinkPad UltraNav Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{07193A85-1C71-4EB2-A2EB-ABE074A67165}" = Microsoft ASP.NET MVC 4 - Visual Studio 11 Tools "{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater "{07AC2D83-E795-4AD5-970D-B9BD14A1E411}" = Microsoft ASP.NET MVC 3 - DEU "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.8 Build #6800 Banner Remover 1.0 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{102ADFA1-B397-44E4-9ED6-046543C6EB4A}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 11 Tools "{10AD73D6-2914-37E8-B58D-83EBC240096D}" = Microsoft Visual Studio Ultimate 2012 RC - DEU "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{14FF7D5F-0B29-7D19-B2F6-92CF3C26DAE0}" = Windows Software Development Kit for Metro style Apps DirectX x86 Remote "{171408E3-A292-4BEE-9740-9B0BF75EC926}" = Microsoft Web Tooling Extensions - Visual Studio 11 - DEU "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B9555DF-E30C-94FF-4327-455998102A2F}" = LocalESPCui for de-de "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20910DB2-555D-318B-9923-974F85C4CB44}" = Microsoft Visual C++ Extended Libraries 2012 "{216BC0E1-24CC-E180-570C-7E05EA4280D1}" = Windows Software Development Kit for Metro style Apps "{21895F64-4DA5-4D5E-A5AC-BED10B81A09E}" = Microsoft ASP.NET Web Pages 2 Runtime "{2297DC85-D50E-417B-9430-BD9FA49FBD6A}" = Microsoft ASP.NET Web Pages - Visual Studio 11 Tools - DEU "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update "{28207E23-5226-3F19-BFCF-9252DF38F82E}" = Microsoft LightSwitch for Visual Studio 2012 RC CoreRes - DEU "{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service "{2902E207-8338-4C8F-9327-A0623B1CC095}" = SQL Server Data Framework Tools - DEU "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2BC4F47A-4414-41F2-9618-99FCBE5D4A68}" = Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 RC DEU "{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components "{2CB523DF-A3C2-4A7C-8848-53898F6D6F87}" = PreEmptive Analytics Client German Language Pack "{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome "{2F3051AC-F5BF-3510-A792-3BC84C9ADAFD}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu "{313C2553-32A5-40BD-9D64-A3CF2BF86D8A}" = Microsoft ASP.NET Web Pages 2 Runtime - DEU "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{339C75D4-4FD8-4803-AF5A-BBB253A58111}" = Microsoft ASP.NET MVC 4 - Visual Studio 11 Tools - DEU "{34E5F621-1315-4650-9951-2D4F8CEADE47}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources "{3520481A-4075-43D7-9133-93A8399E7099}" = WCF RIA Services V1.0 SP2 "{35AD2AC5-327F-303A-98B2-F00EFD158E13}" = Microsoft Help Viewer 2.0 RC Language Pack - DEU "{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{384718F2-AF67-30E5-9EE7-270041D2CF06}" = Microsoft Visual Studio 2012 SharePoint Developer Tools RC deu Language Pack "{3B510129-79C0-4BC8-9B86-5371C81F5B70}" = WCF Data Services 5.0 (for OData v3) DEU Language Pack "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder "{428BD3C7-C169-4799-BCB4-B6FCDC4B8B2F}" = Microsoft .NET Framework 4.5 RC SDK - DEU Lang Pack "{4488D382-70EF-FAA2-4E1C-2A71C4618780}" = Windows App Certification Kit x64 "{4682ADE7-8A43-4605-9747-D65EDA4F0A48}" = Microsoft Visual Studio 2012 IntelliTraceLoc "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{48994514-64C3-3134-817E-D47A5DB03964}" = Microsoft Visual Studio Team Foundation Server 2012 RC Team Explorer "{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012 "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4D4AEED6-6A9A-43F4-98AB-1C3B0FF9F5A9}" = Blend for Visual Studio DEU resources "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50E6ADE7-5E2B-4828-A93C-CF8A6A107919}" = Microsoft Visual Studio 2012 Devenv Resources "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{5600AD27-171D-411A-BC0B-EFB6F0DD77CF}" = Microsoft Visual C++ Compilers 2012 "{5B5DEF99-85E9-423D-A1A3-B83202697B09}" = Lenovo Solutions for Small Business Customizations "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{605F090C-91D3-4F5A-8FB4-CB25704140EE}" = Tools for .Net 3.5 - DEU Lang Pack "{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager "{62B7DCD3-8D53-4C75-8627-092A842AA1D2}" = WCF Data Services 5.0 (for OData v3) Metro Support "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{653E3E01-1344-4DD6-9788-8BC2F139CF7C}" = Microsoft Visual Studio 2012 RC Preparation "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business "{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects "{6BFBF401-C295-3ED8-BF24-64163DA019A6}" = Microsoft Visual Studio Ultimate 2012 RC XAML UI Designer deu Resources "{6D28EA4A-70F5-37A1-91CD-3582538BA07F}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50522 "{6DB454FB-6B7F-3552-B2CB-6E4789B5B89E}" = Microsoft LightSwitch for Visual Studio 2012 RC Core "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7232DA2E-A0D5-4E3E-AB84-9F6404169F07}" = Microsoft .NET Framework 4.5 RC SDK "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell "{77418E2E-A3C9-39D5-B28E-B6151E99FAA1}" = Microsoft Visual Studio Premium 2012 RC "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{7823CD24-ACE4-3799-AD4C-9FDBCCA3F2F6}" = Microsoft Visual Studio Professional 2012 RC "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business "{7CCF74A1-A4F1-4FCD-AA69-CD65A99D7930}" = Microsoft ASP.NET MVC 4 Runtime - DEU "{7EAAF718-8547-4C8E-BA2C-C63A02FC6927}" = Microsoft Visual Studio 2012 Devenv "{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}" = Message Center Plus "{815BD691-2142-43ED-9AFD-B43FF21E22EA}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 11 Tools - DEU "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84C222D1-D7BD-DD1B-8B74-9A16F2988E97}" = Windows Software Development Kit "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86756584-C41A-4CA3-B42D-4768C7720F56}" = Microsoft Web Deploy dbSqlPackage Provider - DEU "{8719C066-3A8C-4528-B82F-5094DB869F43}" = Microsoft ASP.NET MVC 4 Runtime "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BFC3B9B-39EC-4C25-9281-D5BC0AA9994A}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DDACC91-06BB-4732-A1A4-CEA2C810C6D2}" = Visual Studio Extensions for Windows Library for JavaScript "{8EA792A5-38AA-4F0E-8DFE-D1BAF1145431}" = Microsoft Silverlight 4 SDK - Deutsch "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager "{92B25476-44C8-3DA2-B6E5-430B9ECF7936}" = Microsoft Visual Studio Team Foundation Server 2012 RC Team Explorer Language Pack - DEU "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{930DC0D8-6D2B-4A98-906C-F238346F9399}" = WCF Data Services 5.0 (for OData v3) Primary Components "{938526B1-772C-45E3-813A-2E15048DE74E}" = Dotfuscator and Analytics Community Edition Language Pack "{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU "{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96F57CF7-E29B-45F8-807E-4536647BCC90}" = Microsoft Visual Studio 2012 Shell (Minimum) "{9890E3FE-F661-3A95-92B5-62B3312C7787}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50522 "{9915ECB9-5379-3E9B-B0B6-0FF548E5F2AB}" = Microsoft Portable Library Multi-Targeting Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DAB1A70-99A0-390E-ADD0-820B0A0F4DEC}" = Microsoft Visual Studio Ultimate 2012 RC XAML UI Designer Core "{A00B6300-4810-19EE-F306-7F4C0C2A27CC}" = Balsamiq Mockups For Desktop "{A0E74241-86C8-456D-98A8-D0A4001A903A}" = Blend for Visual Studio "{A2BDFA91-7008-4AEB-64B4-1CDBB6ADBCB8}" = Windows Software Development Kit DirectX x86 Remote "{A2DAE988-5133-37FB-9188-51B5F068CFCA}" = Microsoft Visual C++ Core Libraries 2012 "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A420789F-926D-3CC1-976F-EA60683BF78F}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50522 "{A4730254-32DC-40C0-99E5-41AB2009B894}" = Microsoft Web Tooling Extensions - Visual Studio 11 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.16 "{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABC60659-C1A3-44EF-923C-7D09ECA67604}" = Microsoft SQL Server Data Tools - DEU (11.1.20425.00) "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD526461-9930-4AD4-8A6F-B8CEC2043A90}" = Microsoft SQL Server 2012 Data-Tier App Framework "{AD90E459-3EAC-FEF6-51A7-9B68E3DDEBF5}" = Windows Runtime Intellisense Content - de-de "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3934B17-C30E-4148-90AC-D22DFC114ED5}" = Microsoft Report Viewer Add-On for Visual Studio 2012 "{B401B8FD-4247-0E85-B770-029B7FB0D281}" = LocalESPC "{B676ADFC-0825-4A7D-BBA3-22A22559AEA9}" = Microsoft Report Viewer Add-On für Visual Studio 2012 "{B7500AF1-9387-3728-BC93-48E510AE64F4}" = Microsoft Visual Studio Premium 2012 RC - DEU "{B9A75889-A58C-41C8-A574-EE873BDB07BC}" = Microsoft ASP.NET Web Pages - Visual Studio 11 Tools "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C21134A7-5C73-3CA9-AB1E-7BE7C9F983BB}" = Microsoft Visual Studio 2012 SharePoint Developer Tools RC "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C81FA816-5584-4F93-B7EE-31B60F9AAE70}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{d34ed93d-c49f-4ef5-8df9-7b8da2db57df}" = Microsoft Visual Studio Ultimate 2012 RC "{D3B4BC9B-BD93-4409-8290-3CB7C8B079B2}" = Microsoft ASP.NET MVC 3 - Visual Studio 11 Tools Update "{D434E072-F482-4F52-AB97-7B19DD5DAEB5}" = Microsoft SQL Server System CLR Types "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6596440-BDDD-3836-86E7-307CC8A444BE}" = Microsoft Help Viewer 2.0 RC "{D9D09B63-5B5C-43FA-A64C-1ADAE877EDB6}" = Microsoft Visual Studio 2012 IntelliTraceFrontEndLoc "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3 "{DE6D2974-7F94-49D1-9AC1-AFF0FE197D34}" = Microsoft ASP.NET MVC 3 - Visual Studio 11 Tools Update - DEU "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E00E7621-9E1C-3041-A6E7-2566D3702F8D}" = Microsoft .NET Framework 4.5 RC Multi-Targeting Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E255D855-7FB4-44E8-A6B0-5A7C36C23888}" = Tools for .Net 3.5 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E855CC43-0436-467A-9807-E173441C7589}" = Microsoft Visual C++ Compilers 2012 - DEU Resources "{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EB12031F-32D5-3EE4-ABB2-86AEF13AD03F}" = Microsoft Visual Studio Professional 2012 RC - DEU "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC70C41E-B35D-4CEE-9BDF-6CDF4842B507}" = WCF Data Services Tools for Visual Studio 11 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F26A1695-0632-44E0-88DD-1AB6BC3DA302}" = WCF Data Services Tools for Visual Studio 11 DEU Language Pack "{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}" = Microsoft Silverlight 5 SDK - DEU "{F416C569-F2D7-3D12-AB2C-A8221809A34B}" = Microsoft Visual Studio Ultimate 2012 RC "{F6D2411C-3F7B-4AF6-BE2F-B7BFAA0D87EE}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20425.00) "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{F882ACC0-8E9B-4053-AC89-411403D401A0}" = Microsoft Visual Studio 2012 IntelliTrace Core x86 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Android SDK Tools" = Android SDK Tools "Avira AntiVir Desktop" = Avira Free Antivirus "BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop "Bluefish" = Bluefish 2.2.3 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Fastboot" = RapidBoot HDD Accelerator "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "GnuPG" = GNU Privacy Guard "Google Chrome" = Google Chrome "Guard.Mail.ru" = Guard.ICQ "ICQToolbar" = ICQ Toolbar "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "Microsoft Help Viewer 2.0 RC" = Microsoft Help Viewer 2.0 RC "Microsoft Help Viewer 2.0 RC Language Pack - DEU" = Microsoft Help Viewer 2.0 RC Language Pack - DEU "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "SugarSync" = SugarSync Manager "Trillian" = Trillian "VMware_Player" = VMware Player "Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6 "WinLiveSuite" = Windows Live Essentials "xampp" = XAMPP 1.8.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.12.2012 10:22:09 | Computer Name = Christina-THINK | Source = WinMgmt | ID = 10 Description = Error - 15.12.2012 10:24:42 | Computer Name = Christina-THINK | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x490 Startzeit der fehlerhaften Anwendung: 0x01cddacf873c0817 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 2a082985-46c3-11e2-a062-685d43927957 Error - 15.12.2012 10:24:48 | Computer Name = Christina-THINK | Source = WinMgmt | ID = 10 Description = Error - 15.12.2012 13:54:04 | Computer Name = Christina-THINK | Source = WinMgmt | ID = 10 Description = Error - 16.12.2012 08:36:16 | Computer Name = Christina-THINK | Source = WinMgmt | ID = 10 Description = Error - 17.12.2012 04:42:42 | Computer Name = Christina-THINK | Source = WinMgmt | ID = 10 Description = Error - 17.12.2012 14:09:19 | Computer Name = Christina-THINK | Source = WinMgmt | ID = 10 Description = Error - 17.12.2012 18:32:31 | Computer Name = Christina-THINK | Source = WinMgmt | ID = 10 Description = Error - 18.12.2012 13:47:25 | Computer Name = Christina-THINK | Source = WinMgmt | ID = 10 Description = Error - 19.12.2012 12:20:44 | Computer Name = Christina-THINK | Source = WinMgmt | ID = 10 Description = [ Lenovo-Message Center Plus/Admin Events ] Error - 27.09.2012 09:42:15 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 22.10.2012 08:37:25 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 22.10.2012 08:37:28 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 22.10.2012 08:37:30 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 18.11.2012 17:06:28 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 18.11.2012 17:06:31 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 18.11.2012 17:06:33 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 19.12.2012 14:10:44 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 19.12.2012 14:10:46 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt Error - 19.12.2012 14:10:48 | Computer Name = Christina-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt [ System Events ] Error - 02.11.2012 20:24:47 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 02.11.2012 20:24:53 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 02.11.2012 20:25:00 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 02.11.2012 20:25:06 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 02.11.2012 20:25:13 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 02.11.2012 20:25:19 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 02.11.2012 20:25:25 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 02.11.2012 20:25:32 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 02.11.2012 20:25:38 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 02.11.2012 20:25:45 | Computer Name = Christina-THINK | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. < End of report > Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 19. Dezember 2012 17:24 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Christina Computername : CHRISTINA-THINK Versionsinformationen: BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00 AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 12:29:17 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 12:29:17 LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 12:29:49 AVSCPLR.DLL : 13.6.0.402 93984 Bytes 10.12.2012 15:16:11 AVREG.DLL : 13.6.0.406 248096 Bytes 10.12.2012 15:16:10 avlode.dll : 13.6.1.402 428832 Bytes 10.12.2012 15:16:12 avlode.rdf : 13.0.0.26 7958 Bytes 10.12.2012 15:16:11 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 12:30:01 VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 12:30:01 VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 12:30:01 VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 12:30:01 VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 12:30:01 VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 12:30:01 VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 12:30:01 VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 13:14:32 VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 19:38:12 VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 12:23:18 VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 12:57:51 VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 19:19:28 VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 10:03:04 VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 18:35:36 VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 16:50:38 VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 16:34:59 VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 21:16:02 VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 19:49:30 VBASE025.VDF : 7.11.53.237 152064 Bytes 14.12.2012 11:12:19 VBASE026.VDF : 7.11.54.23 149504 Bytes 17.12.2012 18:14:43 VBASE027.VDF : 7.11.54.67 130048 Bytes 18.12.2012 17:52:42 VBASE028.VDF : 7.11.54.68 2048 Bytes 18.12.2012 17:52:42 VBASE029.VDF : 7.11.54.69 2048 Bytes 18.12.2012 17:52:42 VBASE030.VDF : 7.11.54.70 2048 Bytes 18.12.2012 17:52:42 VBASE031.VDF : 7.11.54.74 2048 Bytes 18.12.2012 17:52:43 Engineversion : 8.2.10.222 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55 AESCRIPT.DLL : 8.1.4.76 467324 Bytes 14.12.2012 13:21:31 AESCN.DLL : 8.1.10.0 131445 Bytes 14.12.2012 13:21:31 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 10:32:50 AEPACK.DLL : 8.3.1.0 819574 Bytes 14.12.2012 13:21:31 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 21:13:57 AEHEUR.DLL : 8.1.4.160 5624184 Bytes 06.12.2012 18:35:43 AEHELP.DLL : 8.1.25.2 258423 Bytes 17.10.2012 20:17:28 AEGEN.DLL : 8.1.6.12 434549 Bytes 14.12.2012 13:21:29 AEEXP.DLL : 8.3.0.0 184692 Bytes 14.12.2012 13:21:32 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.30.0 201079 Bytes 14.12.2012 13:21:28 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 21:13:47 AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30 AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 12:29:16 AVREP.DLL : 13.4.0.360 177952 Bytes 10.12.2012 15:16:11 AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 12:29:09 AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 12:29:12 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54 NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 12:29:50 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 12:29:08 RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 12:29:08 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Q:, R:, S:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Mittwoch, 19. Dezember 2012 17:24 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'Q:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'TrueSuiteService.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'ibmpmsvc.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '103' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'DisplayLinkManager.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'devmonsrv.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'CxAudMsg64.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'EvtEng.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'FBService.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'GuardICQ.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'ICQSER~1.EXE' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'HeciServer.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'IntelMeFWService.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'jhi_service.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'CAMMUTE.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'TPKNRSVC.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'vcamsvc.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'lvvsst.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'RegSrvc.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'SAsrv.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchAnonymizerHelper.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '173' Modul(e) wurden durchsucht Durchsuche Prozess 'sqlwriter.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'Wex.Services.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'TPHKSVC.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'ULCDRSvr.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'vmnat.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'ZeroConfigService.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxext.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'obexsrv.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'MICMUTE.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'TPHKLOAD.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'vmware-authd.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'vmnetdhcp.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'vmware-usbarbitrator64.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'BleServicesCtrl.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'CAudioFilterAgent64.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'fmapp.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'TpShocks.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'TpKnrres.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'DTLite.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'TouchControl.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'DisplayLinkUserAgent.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'iusb3mon.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'RCIMGDIR.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'pcee4.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'GuardICQ.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'virtscrl.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'BioMonitor.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'MKRMSG.EXE' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'mediasrv.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'tpnumlkd.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'tpnumlk.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'TPONSCR.EXE' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPLpr.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'BTPlayerCtrl.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'SYNTPHELPER.EXE' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'SCHTASK.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'IntelSmallBusinessAdvantage.exe' - '111' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'Intel.SmallBusinessAdvantage.WindowsService.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'BTHSAmpPalService.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'BTHSSecurityMgr.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'PresentationFontCache.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'PsiService_2.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'sftvsa.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'sftlist.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'VIPAppService.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'mcplaunch.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'CVHSVC.EXE' - '93' Modul(e) wurden durchsucht Durchsuche Prozess 'PrivacyIconClient.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '3104' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <Windows7_OS> Beginne mit der Suche in 'Q:\' <Lenovo_Recovery> Beginne mit der Suche in 'R:\' Der zu durchsuchende Pfad R:\ konnte nicht geöffnet werden! Systemfehler [5]: Zugriff verweigert Beginne mit der Suche in 'S:\' <SYSTEM_DRV> Ende des Suchlaufs: Mittwoch, 19. Dezember 2012 20:10 Benötigte Zeit: 2:45:44 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 55157 Verzeichnisse wurden überprüft 2197170 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 2197170 Dateien ohne Befall 14014 Archive wurden durchsucht 0 Warnungen 0 Hinweise 1108922 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden |
19.12.2012, 21:18 | #5 | ||
/// TB-Ausbilder | Lufthansa Spam - Anhang geöffnet Gut soweit: Scan mit Combofix
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
19.12.2012, 22:42 | #6 |
| Lufthansa Spam - Anhang geöffnet ich hab es eben zweimal probiert, wobei ich beim ersten Mal etwas vom Start überrascht war und doch meine Maus bewegt habe...außerdem hatte Avira doch noch irgendwas blockiert. Beim zweiten Mal hab ich noch irgendwo ein paar Häkchen rausgenommen aber wie beim ersten Mal läuft es nun schon über 10 Minuten und kommt nicht weiter als Stufe 4. Weißt du was man da machen kann, oder wo man Avira komplett beenden kann, falls es daran liegt? Fehlermeldung kommt auf der Konsole keine. |
19.12.2012, 23:17 | #7 |
/// TB-Ausbilder | Lufthansa Spam - Anhang geöffnet benenne die combofix.exe um in NoMBR.exe und versuch es nochmal
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
20.12.2012, 01:20 | #8 |
| Lufthansa Spam - Anhang geöffnet So, danke für die Antwort, aber jetzt ist es doch noch durchgelaufen, hat nur etwas länger gedauert (also so 2-3 Stunden grob geschätzt). Ich kann Anwendungen aktuell nur als Admin starten, ist das normal? --->hat sich doch durch Neustart erledigt Und hier kommt das Logfile (leider hat sich einmal zwischendrin lukeFilewalker eingeschalten aber ich hab einfach nichts gemacht und es ist weiter durchgelaufen) Code:
ATTFilter ComboFix 12-12-19.02 - Christina 19.12.2012 22:29:33.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7786.4623 [GMT 1:00] ausgeführt von:: c:\users\Christina\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\Roaming c:\windows\SysWow64\d2d1debug1.dll Q:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-19 bis 2012-12-19 )))))))))))))))))))))))))))))) . . 2012-12-19 23:34 . 2012-12-19 23:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-19 23:34 . 2012-12-19 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-18 17:53 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3F5BE4C-C68B-483B-856D-D3031774FF3F}\mpengine.dll 2012-12-12 23:26 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 23:26 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-12 23:26 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-12 23:26 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 23:26 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-06 19:33 . 2012-12-06 21:18 -------- d-----w- c:\users\Christina\AppData\Roaming\gnupg 2012-12-06 19:31 . 2012-12-06 19:31 -------- d-----w- c:\program files (x86)\GNU 2012-12-06 19:15 . 2012-12-06 19:20 -------- d-----w- c:\users\Christina\AppData\Roaming\Trillian 2012-12-06 19:14 . 2012-12-06 19:15 -------- d-----w- c:\program files (x86)\Trillian 2012-12-06 12:34 . 2012-12-06 17:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2012-11-30 13:45 . 2012-11-30 13:45 -------- d-----w- c:\users\Christina\BAföGHannover 2012-11-27 21:02 . 2012-11-27 21:02 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-11-27 21:02 . 2012-11-27 21:02 -------- d-----r- c:\program files (x86)\Skype 2012-11-20 13:31 . 2012-11-22 15:32 -------- d-----w- C:\xampp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-13 12:19 . 2012-08-22 17:24 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-11 12:29 . 2012-10-17 20:15 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-11 12:29 . 2012-10-17 20:15 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-11-01 19:21 . 2012-11-01 19:21 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-10-16 08:38 . 2012-11-27 19:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 19:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 19:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-14 19:03 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-14 19:03 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-14 19:03 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 19:03 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 23:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-14 19:03 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-14 19:03 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-14 19:03 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-14 19:03 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-14 19:03 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-14 19:03 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-14 19:03 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-14 19:03 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-14 19:03 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-14 19:03 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-14 19:03 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-09-26 11:29 . 2012-09-26 11:29 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-26 11:29 . 2012-09-26 11:30 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-26 11:29 . 2012-09-26 11:29 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-26 11:29 . 2012-09-26 11:29 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-26 11:29 . 2012-09-26 11:29 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-26 11:29 . 2012-09-26 11:29 188904 ----a-w- c:\windows\system32\java.exe 2012-09-25 22:47 . 2012-11-14 19:01 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-09-25 22:46 . 2012-11-14 19:01 95744 ----a-w- c:\windows\system32\synceng.dll 2012-09-24 07:58 . 2012-10-17 20:15 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-09-22 10:05 . 2012-09-22 10:05 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-22 10:05 . 2012-09-22 10:05 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}] 2011-12-28 12:21 128064 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 94208 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 94208 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 94208 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_2FF7A81396EE05703C724183058CEE0F"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712] "IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-10-10 55560] "Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-08-08 1564368] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800] . c:\users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Christina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-10-18 26643352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-04-30 123816] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584] R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [2012-07-03 31744] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-07-03 29184] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-07-03 36352] R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys [2012-07-04 93184] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2012-06-05 31744] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-21 1304912] R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys [2012-01-17 70416] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-12-20 34200] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 147288] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-06-05 117080] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-12-24 28992] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-28 25416] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104] S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-01 254528] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-30 33344] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-21 1014096] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-21 1104208] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848] S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776] S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-22 313672] S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-08-08 1564368] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280] S2 intelsba;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-10-10 50440] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-10 58192] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-10 61264] S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-10 175440] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x] S2 SearchAnonymizer;SearchAnonymizer;c:\users\Christina\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-08-08 40960] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-05-18 127488] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800] S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840] S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-02-16 216064] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-30 94720] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-30 747008] S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-02-14 60928] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-12-20 25496] S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248] S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-07 27432] . . Inhalt des "geplante Tasks" Ordners . 2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 17:51] . 2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 17:51] . 2012-12-19 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . 2012-12-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 97792 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 97792 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 97792 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-10-18 21:52 97792 ----a-w- c:\users\Christina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600] "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400] "TpShocks"="TpShocks.exe" [2012-02-24 382528] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-10 283984] "Ocs_SM"="c:\users\Christina\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-08 106496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uStart Page = my.daemon-search.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\Christina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\th1yim1w.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot] "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot] "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\progra~2\ICQ6TO~1\ICQSER~1.EXE c:\windows\SysWOW64\SAsrv.exe c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\SysWOW64\vmnat.exe c:\program files (x86)\VMware\VMware Player\vmware-authd.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\lenovo\lenovo solution center\lsc.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-12-20 01:03:48 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-12-20 00:03 . Vor Suchlauf: 13 Verzeichnis(se), 530.289.647.616 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 529.877.635.072 Bytes frei . - - End Of File - - C8F982951512977235A045C690B9FCA1 Geändert von Chris10101 (20.12.2012 um 01:26 Uhr) |
20.12.2012, 09:40 | #9 |
/// TB-Ausbilder | Lufthansa Spam - Anhang geöffnet Na das ist schon etwas seltsam, aber erstmal kein Grund zur Unruhe. Letzter Test: Scan mit MBAR Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
20.12.2012, 13:57 | #10 | |
| Lufthansa Spam - Anhang geöffnet Was meinst du mit seltsam? Wurde nicht das gefunden, was du erwartet hast? Weil ich mich wie gesagt mittlerweile frage, auf welchem meiner Geräte ich das gemacht hatte und wenn es doch nicht hier war (wobei ich mir anfangs ziemlich sicher war) dann sollte ich dringend noch das gleiche bei meinem Netbook machen... Ich starte trotzdem gleich mal mbar, danke Zitat:
|
20.12.2012, 15:47 | #11 |
/// TB-Ausbilder | Lufthansa Spam - Anhang geöffnet Das macht mich nachdenklich ... Scan mit Farbar's Recovery Scan Tool (FRST 64bit)
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
20.12.2012, 19:57 | #12 | |
| Lufthansa Spam - Anhang geöffnet So, hallo, da bin ich wieder. Musste leider weg wegen Terminen... Ich hoffe es ist okay, wenn ich noch ein paar Fragen stelle, im Moment bin ich doch ziemlich verwirrt... Zum einen - ich hatte ja diese Meldung Zitat:
Was mich zu meinem nächsten Punkt führt - kannst du mir nun mit Sicherheit sagen, dass das Gerät infiziert ist? Ich hatte ja schonmal angemerkt, dass ich mir nicht mehr ganz sicher bin, welches von beiden, und es wäre wohl nicht eben sinnvoll, wenn es nun doch umgekehrt wäre und ich das Recovery Scan Tool gerade vom infizierten Gerät herunterlade, um das dann an das saubere weiterzugeben...Ein anderes Gerät steht mir momentan leider nicht zur Verfügung. Würde dir ODT und EXIT vom bisher nicht angesprochenen Gerät weiterhelfen? Hab diesen Schritt vorläufig hier auch nochmal durchgeführt. Vollständiger Scan hatte auch hier nichts ergeben, allerdings mit Windows Essentials, also weiß ich nicht, inwieweit das was zu sagen hat. Und ganz zum Schluss...gibt es denn eine sinnvolle Möglichkeit bzw. wann wäre es mal an der Zeit, meine Daten irgendwie zu retten und dabei sicherzugehen, dass sie sauber sind? Es wäre kein Weltuntergang das System neu aufzusetzen, aber im Moment ist leider viel und wichtiges drauf, was ich noch brauche. Welcher Weg wäre jetzt sinnvoll? Was ist eigentlich mit Dropbox und Emails, gibts da irgendwelche Risiken aufgrund der Verbindung zum Gerät? |
20.12.2012, 21:08 | #13 |
/// TB-Ausbilder | Lufthansa Spam - Anhang geöffnet Jetzt erstmal langsam ... FRST kannst du auf jeden Fall absolut gefahrlos machen. Aber die Tatsache, dass MBAR hier streikt, lässt mich vermuten, dass da noch was blödes drauf ist. Wie wir weitermachen ist dir überlassen, wenn du eine Anleitung zum Daten sichern willst, dann sags
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
20.12.2012, 21:10 | #14 |
| Lufthansa Spam - Anhang geöffnet Also soll ich das mbar setup nicht ausführen? und war bisher etwas relevantes drauf, was nun beseitigt ist? Eine Anleitung zum Dateien sichern wäre auf jeden Fall mal super, gerne. |
20.12.2012, 21:12 | #15 |
/// TB-Ausbilder | Lufthansa Spam - Anhang geöffnet Wir haben einen mir dem Namen nach unbekannten Schädling gekillt. Das kann alles gewesen sein, muss aber nicht. Also Datensichern und dann formatieren?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
Themen zu Lufthansa Spam - Anhang geöffnet |
achtung, andere, anderen, anhang, anwendung, avira, e-banking, gefunde, gerät, heute, hinweise, immernoch, lufthansa, mail, nichts, online-banking, rechtsklick, scan, schritte, seitdem, spam, suchmaschine, troja, trojaner, verwirrt, vollständige |