Log Analysis and Evaluation: Virus "Deutsche Post" request to collect a shipment (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. To remove viruses and trojans, the infected system first has to be examined: Erste Schritte zur Hilfe (first steps for help). Bear in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.12.2012, 17:41 | #1
Virus "Deutsche Post" request to collect a shipment

Hello everyone, a little while ago I received an e-mail from "Deutsche Post" (post@deutschepost.de) and unfortunately only started wondering about the .zip file afterwards. Dr. Google on a second PC brought me to your site. I have just followed the tips in the guide "Anleitung: Malwarebytes Anti-Malware", with the following result:

Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amalia :: AMALIA-PC [Administrator]

Schutz: Aktiviert

22.12.2012 17:21:30
mbam-log-2012-12-22 (17-21-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230103
Laufzeit: 2 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|esrofomf (Backdoor.Bot.EMWD) -> Daten: "C:\Users\Amalia\AppData\Local\ltxbnrrg.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\pcdfdata (Rogue.PCDefenderPlus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Amalia\M-1-74-6482-7942-8945 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Users\Amalia\AppData\Local\ltxbnrrg.exe (Backdoor.Bot.EMWD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\pcdfdata\mkjeagle.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\pcdfdata\defs.bin (Rogue.PCDefenderPlus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\pcdfdata\config.bin (Rogue.PCDefenderPlus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\pcdfdata\vl.bin (Rogue.PCDefenderPlus) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Am I safe now, or is the real work only just beginning? Many thanks for your answers (to be on the safe side, please use few technical terms; unfortunately I don't know that much about this).

Best regards, and merry Christmas,
your Mamalia

Addendum: Malwarebytes Anti-Malware is now showing me the following at regular intervals: "Zugang zu einer potentiell gefährlichen Website wurde gestoppt: 82.146.57.123" "Art:ausgehend" "Port: 51340" "Prozess: avwebgrd.exe". At the moment I have Mickey Mouse running on YouTube, in Firefox, and the Thunderbird mail program open.

Last edited by Mamalia (22.12.2012 at 18:31)
22.12.2012, 20:40 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Virus "Deutsche Post" request to collect a shipment

Hello and

Before we get to work, I would like to ask you to read the following points completely and attentively.

Note: If I do not get back to you within three days, please report it in this thread => Erinnerung an meinem Thread (reminder on my thread). Annoying "when will it continue" messages result in your topic being closed. I too have a life outside the Trojaner-Board.

Please run a CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already present, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
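Added example, not part of the thread and not a Trojaner-Board or OTL tool: a small Python script that parses the process (PRC/MOD/SRV), BHO/toolbar (O2/O3) and Run-key (O4) lines of an OTL log in the format posted in this thread and flags entries whose file carries no company name, ranking those that load from user-writable directories (the user profile, ProgramData, temp folders) highest. This reproduces, for a long log, the first pass a helper does by eye. The sample log lines are copied from the OTL output posted in this thread; the regular expressions, the `USER_WRITABLE` marker list and the high/low priorities are my own assumptions about the format, not anything OTL or the helper defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input, modelled on the OTL log posted in this thread: a few
# vendor-signed entries serve as known-good controls, the rest are the entries
# whose company name OTL printed as "()" (no company name in the file's version info).
SAMPLE_OTL_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2012.08.08 18:11:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.09 12:52:52 | 000,192,512 | ---- | M] () -- C:\Users\Amalia\AppData\Roaming\Yhzul\umavg.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
========== Services (SafeList) ==========
SRV - [2012.12.06 18:38:28 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
O3 - HKLM\..\Toolbar: (instplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Amalia\AppData\Roaming\instplugin\toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000..\Run: [Emxuol] C:\Users\Amalia\AppData\Roaming\Yhzul\umavg.exe ()
"""


@dataclass
class Entry:
    kind: str      # PRC, MOD, SRV, O2, O3 or O4
    path: str
    company: str   # "" when OTL printed "()"


@dataclass
class Finding:
    entry: Entry
    priority: str  # "high" or "low" (assumed ranking, see below)
    reason: str


# Assumed line shapes, derived from the log in this thread rather than from an OTL spec.
_PROC_RE = re.compile(
    r"^(PRC|MOD|SRV) - \[[^\]]*\] \(([^)]*)\)(?: \[[^\]]*\])? -- (.+?)(?: -- \([^)]*\))?$")
_BHO_RE = re.compile(
    r"^(O2|O3)(?::64bit:)? - .+? - \{[^}]*\} - (.+?) \(([^)]*)\)$")
_RUN_RE = re.compile(
    r"^(O4)(?::64bit:)? - HK\S*?\.\.\\(?:Run|RunOnce): \[[^\]]*\] (.*?) ?(?:\(([^)]*)\)|File not found)$")

# Directory markers (lower-cased) a normal user can write to; an assumption of this script.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL log line into an Entry; lines of other kinds return None."""
    for rx in (_PROC_RE, _BHO_RE, _RUN_RE):
        m = rx.match(line.strip())
        if not m:
            continue
        kind, a, b = m.group(1), m.group(2), m.group(3)
        if rx is _PROC_RE:
            company, path = a, b          # PRC/MOD/SRV: company comes before the path
        else:
            path, company = a, (b or "")  # O2/O3/O4: path first, then "(Company)" or nothing
        if not path:                      # e.g. "O4 - HKLM..\Run: [] File not found"
            return None
        return Entry(kind, path, company)
    return None


def assess(entry: Entry) -> Optional[Finding]:
    """Flag entries with no company name; those in user-writable directories rank highest."""
    if entry.company:
        return None  # a company name proves nothing by itself, but it is not this heuristic's target
    location = entry.path.lower()
    if any(marker in location for marker in USER_WRITABLE):
        return Finding(entry, "high", "no company name and loads from a user-writable directory")
    return Finding(entry, "low", "no company name; verify the file's origin before acting on it")


def triage(log_text: str) -> List[Finding]:
    """Run the heuristic over a whole OTL log and return the flagged entries in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            finding = assess(entry)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LOG):
        print(f"[{f.priority:4}] {f.entry.kind:3} {f.entry.path}  <- {f.reason}")
```

A missing company name is only a hint: files that simply lack version information, such as C:\Windows\vsnp325.exe in this log, show up as low-priority findings too, and the heuristic says nothing about files that do carry a vendor name. The entries it ranks high (here the Run-key entry pointing into AppData\Roaming\Yhzul and the toolbar DLL under AppData\Roaming\instplugin) are the ones to look up first; the actual removal decision still belongs to the helper reading the full log.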
23.12.2012, 09:18 | #3
Virus "Deutsche Post" request to collect a shipment

Good morning, and thanks for the quick reply. I followed your instructions, with the following result:

Code:
OTL logfile created on: 23.12.2012 08:59:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amalia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,96 Gb Available Physical Memory | 73,99% Memory free
8,00 Gb Paging File | 6,38 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 255,04 Gb Free Space | 85,01% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 538,22 Gb Free Space | 57,78% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 603,43 Gb Free Space | 95,86% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.23 08:51:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amalia\Desktop\OTL.exe
PRC - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.05 16:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012.08.08 18:11:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.09 12:52:52 | 000,192,512 | ---- | M] () -- C:\Users\Amalia\AppData\Roaming\Yhzul\umavg.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009.02.19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe

========== Modules (No Company Name) ==========

MOD - [2011.01.09 12:52:52 | 000,192,512 | ---- | M] () -- C:\Users\Amalia\AppData\Roaming\Yhzul\umavg.exe
MOD - [2007.05.10 12:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 08:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe

========== Services (SafeList) ==========

SRV - [2012.12.12 16:20:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.06 18:38:28 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.08.24 11:57:00 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.05.19 15:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2007.11.22 13:48:46 | 010,733,184 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp325.sys -- (SNP325)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A4F3E31-641E-4F75-B017-9B931AA6BB6E}
IE:64bit: - HKLM\..\SearchScopes\{6A4F3E31-641E-4F75-B017-9B931AA6BB6E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {5F59A8CE-D2B8-45D6-9204-8DAEF870D309}
IE - HKLM\..\SearchScopes\{5F59A8CE-D2B8-45D6-9204-8DAEF870D309}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10399&gct=hp&dc=EU&locale=de_NL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10399&gct=hp&dc=EU&locale=de_NL
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=be11822c00000000000000199977be0c
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=be11822c00000000000000199977be0c
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{15B4B87A-2861-4246-8E8B-1597293E3F16}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{297F7C10-951E-4F69-9E9F-30FA301B3E00}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10399&src=crm&q={searchTerms}&locale=de_NL&apn_ptnrs=^ABX&apn_dtid=^YYYYYY^YY^NL&apn_uid=bc48a339-2861-41cb-98eb-763bf62b7128&apn_sauid=5486F1A9-363B-4610-985E-7FBE7E72CD3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{4BBF489A-0EF5-4F2D-9F10-6BDF06A37AE1}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{59232AD8-C372-4ABF-9A95-6D178D3606BB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8E256A99-D1CD-4775-8174-10E6C012BCC8}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8EE1426C-AD21-4249-A822-8F5D45920740}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amalia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.07.01 13:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Extensions
[2012.12.22 17:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\extensions
[2012.12.22 17:51:06 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\firefox\profiles\hgcsgmew.default-1356193177807\extensions\toolbar@web.de.xpi
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.06 18:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.12.06 18:38:24 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.12.06 18:38:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.17 14:44:44 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.16 06:35:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.16 09:53:37 | 000,000,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - D:\IEButtonAmazonInterface.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - D:\IEButtonEbayInterface.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (instplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Amalia\AppData\Roaming\instplugin\toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000..\Run: [Emxuol] C:\Users\Amalia\AppData\Roaming\Yhzul\umavg.exe ()
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Amalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: amazon Suche - D:\Searchamazon.htm ()
O8:64bit: - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm ()
O8:64bit: - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8:64bit: - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8:64bit: - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm ()
O8:64bit: - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Suche - D:\SearchGoogle.htm ()
O8:64bit: - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: amazon Suche - D:\Searchamazon.htm ()
O8 - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm ()
O8 - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm ()
O8 - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm ()
O8 - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm ()
O8 - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Suche - D:\SearchGoogle.htm ()
O8 - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co.
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CE6E1C-4D7C-4B32-AA8B-3D5F48CC0C9B}: DhcpNameServer = 83.169.184.161 83.169.184.225 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{073636e7-3d35-11e1-9c4d-00199977be0c}\Shell - "" = AutoRun
O33 - MountPoints2\{073636e7-3d35-11e1-9c4d-00199977be0c}\Shell\AutoRun\command - "" = L:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig:64bit - StartUpReg: EPSON SX410 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFCE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Amalia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: FixCamera - hkey= - key= - C:\Windows\FixCamera.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.12.23 08:51:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Amalia\Desktop\OTL.exe
[2012.12.22 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Malwarebytes
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 17:19:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.22 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.22 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Yhzul
[2012.12.22 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Yges
[2012.12.22 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Opovr
[2012.12.06 18:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.04 17:37:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
========== Files - Modified Within 30 Days ==========
[2012.12.23 08:51:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amalia\Desktop\OTL.exe
[2012.12.23 08:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.23 07:36:02 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000UA.job
[2012.12.23 07:00:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 07:00:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 06:51:53 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.22 19:36:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000Core.job
[2012.12.22 17:20:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.22 17:20:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.22 17:20:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.22 17:20:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.22 17:20:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.22 17:19:18 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.21 13:56:08 | 000,427,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
========== Files Created - No Company Name ==========
[2012.12.22 17:19:18 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 10:32:26 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.03.30 17:06:11 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.03.30 17:06:11 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2012.03.30 17:06:11 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll
[2012.03.30 17:06:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpx32.dll
[2012.03.30 17:06:11 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012.03.30 16:48:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll
[2012.03.30 16:48:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll
[2011.12.17 14:37:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.17 14:33:15 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.08.30 11:52:41 | 000,000,000 | ---- | C] () -- C:\Users\Amalia\AppData\Roaming\chrtmp
[2010.05.06 20:40:15 | 000,000,017 | ---- | C] () -- C:\Users\Amalia\AppData\Local\resmon.resmoncfg
[2010.05.04 18:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.02.13 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\1&1 Mail & Media GmbH
[2011.12.17 14:33:12 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Babylon
[2011.12.17 14:45:04 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\DesktopIconForAmazon
[2011.12.11 11:30:54 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\DVDVideoSoft
[2011.12.11 11:30:48 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.14 12:41:57 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\EPSON
[2012.05.16 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Gutscheinmieze
[2011.02.03 17:02:08 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\ICQ
[2012.05.16 09:53:37 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\instplugin
[2011.01.08 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\IrfanView
[2011.12.17 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\OCS
[2011.12.17 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Opera
[2012.12.22 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Opovr
[2012.09.17 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\PhotoScape
[2012.01.12 17:03:50 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Sony
[2012.08.28 14:28:38 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Thunderbird
[2011.09.14 17:18:25 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\TS3Client
[2010.05.06 19:57:54 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\TuneUp Software
[2012.12.22 17:51:12 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Yges
[2012.12.22 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Yhzul
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010.02.27 18:15:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.08.18 09:32:01 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.17 23:37:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.12.16 11:53:37 | 000,000,000 | ---D | M] -- C:\Drivers
[2009.09.29 10:22:17 | 000,000,000 | ---D | M] -- C:\Fujitsu
[2011.01.31 17:20:20 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.12.04 17:37:10 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.08.30 14:22:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.22 17:19:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.22 17:36:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.08.17 23:37:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.08.17 23:38:36 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.23 09:00:59 | 000,000,000 | ---D | M] -- C:\System Volume Information
[2012.11.17 21:06:59 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.05 06:09:39 | 000,000,000 | ---D | M] -- C:\Windows
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.02.13 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\1&1 Mail & Media GmbH
[2010.04.12 13:40:53 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Adobe
[2012.08.06 05:05:06 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Apple Computer
[2012.07.01 10:51:30 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Avira
[2011.12.17 14:33:12 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Babylon
[2011.01.31 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Creative
[2011.12.17 14:45:04 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\DesktopIconForAmazon
[2010.09.12 16:35:52 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\dvdcss
[2011.12.11 11:30:54 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\DVDVideoSoft
[2011.12.11 11:30:48 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.14 12:41:57 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\EPSON
[2010.02.27 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Google
[2012.05.16 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Gutscheinmieze
[2011.02.03 17:02:08 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\ICQ
[2010.02.27 18:15:05 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Identities
[2010.10.14 12:29:12 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\InstallShield
[2012.05.16 09:53:37 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\instplugin
[2011.01.08 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\IrfanView
[2010.04.12 13:40:53 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Macromedia
[2012.12.22 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Media Center Programs
[2012.12.22 16:15:20 | 000,000,000 | --SD | M] -- C:\Users\Amalia\AppData\Roaming\Microsoft
[2012.07.01 13:32:06 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Mozilla
[2010.11.23 14:47:26 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Nero
[2011.12.17 14:37:52 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\OCS
[2011.12.17 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Opera
[2012.12.22 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Opovr
[2012.09.17 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\PhotoScape
[2012.09.29 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Skype
[2012.02.10 18:02:38 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\skypePM
[2012.01.12 17:03:50 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Sony
[2010.04.12 13:42:02 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\teamspeak2
[2012.08.28 14:28:38 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Thunderbird
[2011.09.14 17:18:25 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\TS3Client
[2010.05.06 19:57:54 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\TuneUp Software
[2011.12.12 14:36:10 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\vlc
[2010.04.28 19:44:47 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\WinRAR
[2012.12.22 17:51:12 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Yges
[2012.12.22 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Yhzul
< %APPDATA%\*.exe /s >
[2011.12.17 14:37:50 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Amalia\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.07.12 14:36:49 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Users\Amalia\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2011.12.17 14:37:52 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Amalia\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2011.12.17 14:37:52 | 000,040,960 | ---- | M] () -- C:\Users\Amalia\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011.01.09 12:52:52 | 000,192,512 | ---- | M] () -- C:\Users\Amalia\AppData\Roaming\Yhzul\umavg.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > < > [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.06 19:26:44 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000Core.job [2012.03.06 19:26:45 | 000,001,142 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000UA.job [2012.06.23 08:06:34 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < End of report > |
23.12.2012, 18:47 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "Deutsche Post" request to pick up a shipment
Code:
MOD - [2011.01.09 12:52:52 | 000,192,512 | ---- | M] () -- C:\Users\Amalia\AppData\Roaming\Yhzul\umavg.exe

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive on it!
One more note: should aswMBR crash with a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!
Configure the tool as shown in the image below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its content into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.
Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!
__________________
Please always post log files in CODE tags |
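The OTL entries quoted in this thread have a fixed layout (timestamp, size, attribute flags, publisher in parentheses, path), and the line the helper singled out shows the pattern worth recognising: an executable with an empty publisher field, sitting in a freshly created, oddly named folder under the user's AppData. The following Python script is an added example, not part of the thread, of OTL, or of any tool the helper recommends; it parses that layout and ranks entries by exactly those signals, adding a timeline check (directories modified shortly before the scanner was installed). The sample listing is copied from the OTL output earlier in this thread; the pivot time (the Malwarebytes directory's modification time from the same listing) and the two-hour window are the author's assumptions, not something the thread states.

```python
"""Triage helper for OTL-style file/directory listings (added example)."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL listing entry, for example:
#   [2011.01.09 12:52:52 | 000,192,512 | ---- | M] () -- C:\...\Yhzul\umavg.exe
#   [2012.12.22 16:15:06 | 000,000,000 | ---D | M] -- C:\...\Roaming\Opovr
# Directory entries carry no "(publisher)" field, so that group is optional.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"(?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Sample input: entries copied from the OTL log posted in this thread.
SAMPLE = r"""
[2012.12.22 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Opovr
[2012.09.17 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\PhotoScape
[2012.12.22 17:51:12 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Yges
[2012.12.22 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Yhzul
[2012.12.22 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\Amalia\AppData\Roaming\Malwarebytes
[2012.12.22 16:15:20 | 000,000,000 | --SD | M] -- C:\Users\Amalia\AppData\Roaming\Microsoft
[2011.12.17 14:37:50 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Amalia\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.07.12 14:36:49 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Amalia\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.12.17 14:37:52 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Amalia\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.12.17 14:37:52 | 000,040,960 | ---- | M] () -- C:\Users\Amalia\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.01.09 12:52:52 | 000,192,512 | ---- | M] () -- C:\Users\Amalia\AppData\Roaming\Yhzul\umavg.exe
"""

# Assumed pivot: the Malwarebytes directory's modification time from the listing,
# i.e. when the first on-demand scanner was installed (analyst's choice, not from OTL).
PIVOT = datetime(2012, 12, 22, 17, 19, 25)


@dataclass
class Entry:
    ts: datetime
    size: int
    is_dir: bool
    publisher: Optional[str]  # "" when OTL printed "()", None for directories
    path: str


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_otl_listing(text: str) -> List[Entry]:
    """Parse every recognisable OTL entry; unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            is_dir="D" in m["attrs"],
            publisher=m["publisher"],
            path=m["path"],
        ))
    return entries


def triage(entries: List[Entry], pivot: datetime,
           window: timedelta = timedelta(hours=2)) -> List[Finding]:
    """Attach review reasons to each entry; more reasons means look at it first."""
    # Directories written in the window before the pivot: candidate drop locations.
    hot_dirs = {e.path.lower() for e in entries
                if e.is_dir and timedelta(0) < pivot - e.ts <= window}
    findings = []
    for e in entries:
        reasons = []
        if e.is_dir:
            if e.path.lower() in hot_dirs:
                reasons.append("directory modified within %s before pivot" % window)
        else:
            if e.publisher == "":
                reasons.append("no publisher/version info")
            if "\\appdata\\" in e.path.lower():
                reasons.append("executable under the user's AppData")
            parent = e.path.rsplit("\\", 1)[0].lower()
            if parent in hot_dirs:
                # An old file timestamp inside a brand-new directory is itself a signal.
                reasons.append("parent directory modified in pivot window, file dated %s"
                               % e.ts.date())
        if reasons:
            findings.append(Finding(e.path, reasons))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(parse_otl_listing(SAMPLE), PIVOT):
        print(len(f.reasons), f.path)
        for r in f.reasons:
            print("    -", r)
```

Run as-is, the script puts Yhzul\umavg.exe at the top with three reasons and the OCS helper executable second. The directory rule also flags AppData\Roaming\Microsoft, because it was touched in the same minute as Opovr and Yhzul; that is expected noise from a timeline pivot and is why the output is a ranking for an analyst to read, not a verdict.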
23.12.2012, 20:01 | #5 |
| Virus "Deutsche Post" request to pick up a shipment
Done. Yes, unfortunately I am a real hopeless case when it comes to these things...
asw:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-23 19:45:04
-----------------------------
19:45:04.675 OS Version: Windows x64 6.1.7601 Service Pack 1
19:45:04.675 Number of processors: 4 586 0x170A
19:45:04.675 ComputerName: AMALIA-PC UserName: Amalia
19:45:07.156 Initialize success
19:55:34.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007b
19:55:34.323 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
19:55:34.323 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007d
19:55:34.323 Disk 1 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
19:55:34.354 Disk 0 MBR read successfully
19:55:34.370 Disk 0 MBR scan
19:55:34.370 Disk 0 Windows 7 default MBR code
19:55:34.385 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 2049 MB offset 12678
19:55:34.401 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 307201 MB offset 4212332
19:55:34.432 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 644610 MB offset 633360384
19:55:34.448 Disk 0 scanning C:\Windows\system32\drivers
19:55:39.206 Service scanning
19:55:52.154 Modules scanning
19:55:52.154 Disk 0 trace - called modules:
19:55:52.169 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:55:52.185 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048fb060]
19:55:52.185 3 CLASSPNP.SYS[fffff8800115a43f] -> nt!IofCallDriver -> [0xfffffa80046dce40]
19:55:52.185 5 ACPI.sys[fffff88000f957a1] -> nt!IofCallDriver -> \Device\0000007b[0xfffffa80046d7170]
19:55:52.201 Scan finished successfully
19:56:08.705 Disk 0 MBR has been saved successfully to "C:\Users\Amalia\Desktop\MBR.dat"
19:56:08.705 The log file has been saved successfully to "C:\Users\Amalia\Desktop\aswMBR.txt"
Code:
ATTFilter 19:56:55.0978 4920 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 19:56:56.0321 4920 ============================================================ 19:56:56.0321 4920 Current date / time: 2012/12/23 19:56:56.0321 19:56:56.0321 4920 SystemInfo: 19:56:56.0321 4920 19:56:56.0321 4920 OS Version: 6.1.7601 ServicePack: 1.0 19:56:56.0321 4920 Product type: Workstation 19:56:56.0321 4920 ComputerName: AMALIA-PC 19:56:56.0321 4920 UserName: Amalia 19:56:56.0321 4920 Windows directory: C:\Windows 19:56:56.0321 4920 System windows directory: C:\Windows 19:56:56.0321 4920 Running under WOW64 19:56:56.0321 4920 Processor architecture: Intel x64 19:56:56.0321 4920 Number of processors: 4 19:56:56.0321 4920 Page size: 0x1000 19:56:56.0321 4920 Boot type: Normal boot 19:56:56.0321 4920 ============================================================ 19:56:57.0179 4920 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:56:57.0195 4920 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:56:57.0210 4920 ============================================================ 19:56:57.0210 4920 \Device\Harddisk0\DR0: 19:56:57.0210 4920 MBR partitions: 19:56:57.0210 4920 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x40466C, BlocksNum 0x25800800 19:56:57.0210 4920 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25C05000, BlocksNum 0x4EB01000 19:56:57.0210 4920 \Device\Harddisk1\DR1: 19:56:57.0210 4920 MBR partitions: 19:56:57.0210 4920 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982 19:56:57.0210 4920 ============================================================ 19:56:57.0241 4920 C: <-> \Device\Harddisk0\DR0\Partition1 19:56:57.0257 4920 D: <-> 
\Device\Harddisk1\DR1\Partition1 19:56:57.0288 4920 E: <-> \Device\Harddisk0\DR0\Partition2 19:56:57.0304 4920 ============================================================ 19:56:57.0304 4920 Initialize success 19:56:57.0304 4920 ============================================================ 19:57:12.0186 4068 ============================================================ 19:57:12.0186 4068 Scan started 19:57:12.0186 4068 Mode: Manual; SigCheck; TDLFS; 19:57:12.0186 4068 ============================================================ 19:57:12.0451 4068 ================ Scan system memory ======================== 19:57:12.0451 4068 System memory - ok 19:57:12.0451 4068 ================ Scan services ============================= 19:57:12.0576 4068 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:57:12.0670 4068 1394ohci - ok 19:57:12.0717 4068 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:57:12.0732 4068 ACPI - ok 19:57:12.0763 4068 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:57:12.0810 4068 AcpiPmi - ok 19:57:12.0919 4068 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:57:12.0935 4068 AdobeFlashPlayerUpdateSvc - ok 19:57:12.0982 4068 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:57:12.0997 4068 adp94xx - ok 19:57:13.0013 4068 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:57:13.0044 4068 adpahci - ok 19:57:13.0060 4068 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:57:13.0075 4068 adpu320 - ok 19:57:13.0091 4068 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:57:13.0216 4068 AeLookupSvc - ok 19:57:13.0247 4068 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:57:13.0309 4068 AFD - ok 
19:57:13.0325 4068 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:57:13.0341 4068 agp440 - ok 19:57:13.0372 4068 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:57:13.0434 4068 ALG - ok 19:57:13.0481 4068 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:57:13.0497 4068 aliide - ok 19:57:13.0497 4068 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:57:13.0512 4068 amdide - ok 19:57:13.0543 4068 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:57:13.0590 4068 AmdK8 - ok 19:57:13.0606 4068 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:57:13.0637 4068 AmdPPM - ok 19:57:13.0668 4068 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:57:13.0684 4068 amdsata - ok 19:57:13.0699 4068 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:57:13.0715 4068 amdsbs - ok 19:57:13.0731 4068 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:57:13.0746 4068 amdxata - ok 19:57:13.0793 4068 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 19:57:13.0809 4068 AntiVirSchedulerService - ok 19:57:13.0840 4068 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 19:57:13.0840 4068 AntiVirService - ok 19:57:13.0871 4068 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 19:57:13.0902 4068 AntiVirWebService - ok 19:57:13.0918 4068 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 19:57:14.0027 4068 AppID - ok 19:57:14.0043 4068 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:57:14.0089 4068 AppIDSvc - ok 19:57:14.0136 4068 [ 
3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 19:57:14.0183 4068 Appinfo - ok 19:57:14.0199 4068 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 19:57:14.0214 4068 arc - ok 19:57:14.0230 4068 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 19:57:14.0245 4068 arcsas - ok 19:57:14.0245 4068 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:57:14.0292 4068 AsyncMac - ok 19:57:14.0339 4068 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 19:57:14.0339 4068 atapi - ok 19:57:14.0386 4068 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:57:14.0448 4068 AudioEndpointBuilder - ok 19:57:14.0464 4068 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:57:14.0495 4068 AudioSrv - ok 19:57:14.0557 4068 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 19:57:14.0589 4068 avgntflt - ok 19:57:14.0620 4068 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 19:57:14.0635 4068 avipbb - ok 19:57:14.0651 4068 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 19:57:14.0651 4068 avkmgr - ok 19:57:14.0682 4068 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:57:14.0760 4068 AxInstSV - ok 19:57:14.0791 4068 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 19:57:14.0838 4068 b06bdrv - ok 19:57:14.0854 4068 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 19:57:14.0901 4068 b57nd60a - ok 19:57:14.0947 4068 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 19:57:14.0994 4068 BDESVC - ok 19:57:15.0010 4068 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 19:57:15.0072 4068 Beep - ok 19:57:15.0119 4068 
[ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 19:57:15.0166 4068 BFE - ok 19:57:15.0197 4068 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 19:57:15.0244 4068 BITS - ok 19:57:15.0275 4068 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:57:15.0291 4068 blbdrive - ok 19:57:15.0306 4068 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:57:15.0369 4068 bowser - ok 19:57:15.0384 4068 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:57:15.0447 4068 BrFiltLo - ok 19:57:15.0462 4068 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:57:15.0478 4068 BrFiltUp - ok 19:57:15.0509 4068 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 19:57:15.0571 4068 Browser - ok 19:57:15.0603 4068 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:57:15.0649 4068 Brserid - ok 19:57:15.0649 4068 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:57:15.0681 4068 BrSerWdm - ok 19:57:15.0696 4068 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:57:15.0712 4068 BrUsbMdm - ok 19:57:15.0743 4068 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:57:15.0759 4068 BrUsbSer - ok 19:57:15.0790 4068 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:57:15.0790 4068 BTHMODEM - ok 19:57:15.0821 4068 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 19:57:15.0868 4068 bthserv - ok 19:57:15.0915 4068 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:57:15.0946 4068 cdfs - ok 19:57:15.0993 4068 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:57:16.0008 4068 cdrom - ok 19:57:16.0055 4068 [ 
F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 19:57:16.0102 4068 CertPropSvc - ok 19:57:16.0133 4068 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:57:16.0149 4068 circlass - ok 19:57:16.0180 4068 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 19:57:16.0195 4068 CLFS - ok 19:57:16.0242 4068 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:57:16.0242 4068 clr_optimization_v2.0.50727_32 - ok 19:57:16.0273 4068 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:57:16.0289 4068 clr_optimization_v2.0.50727_64 - ok 19:57:16.0336 4068 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:57:16.0351 4068 clr_optimization_v4.0.30319_32 - ok 19:57:16.0367 4068 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:57:16.0383 4068 clr_optimization_v4.0.30319_64 - ok 19:57:16.0414 4068 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:57:16.0429 4068 CmBatt - ok 19:57:16.0461 4068 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:57:16.0461 4068 cmdide - ok 19:57:16.0507 4068 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 19:57:16.0539 4068 CNG - ok 19:57:16.0570 4068 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:57:16.0570 4068 Compbatt - ok 19:57:16.0617 4068 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:57:16.0648 4068 CompositeBus - ok 19:57:16.0663 4068 COMSysApp - ok 19:57:16.0679 4068 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 
19:57:16.0695 4068 crcdisk - ok 19:57:16.0741 4068 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:57:16.0788 4068 CryptSvc - ok 19:57:16.0819 4068 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:57:16.0866 4068 DcomLaunch - ok 19:57:16.0897 4068 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 19:57:16.0960 4068 defragsvc - ok 19:57:16.0975 4068 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:57:17.0022 4068 DfsC - ok 19:57:17.0038 4068 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 19:57:17.0085 4068 Dhcp - ok 19:57:17.0116 4068 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 19:57:17.0147 4068 discache - ok 19:57:17.0178 4068 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:57:17.0178 4068 Disk - ok 19:57:17.0209 4068 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:57:17.0272 4068 Dnscache - ok 19:57:17.0303 4068 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 19:57:17.0334 4068 dot3svc - ok 19:57:17.0365 4068 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 19:57:17.0412 4068 DPS - ok 19:57:17.0428 4068 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:57:17.0459 4068 drmkaud - ok 19:57:17.0490 4068 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:57:17.0521 4068 DXGKrnl - ok 19:57:17.0537 4068 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 19:57:17.0584 4068 EapHost - ok 19:57:17.0646 4068 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 19:57:17.0724 4068 ebdrv - ok 19:57:17.0755 4068 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 19:57:17.0802 4068 EFS - ok 19:57:17.0849 4068 [ 
C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:57:17.0911 4068 ehRecvr - ok 19:57:17.0927 4068 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 19:57:17.0958 4068 ehSched - ok 19:57:18.0005 4068 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:57:18.0021 4068 elxstor - ok 19:57:18.0052 4068 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:57:18.0067 4068 ErrDev - ok 19:57:18.0099 4068 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 19:57:18.0130 4068 EventSystem - ok 19:57:18.0161 4068 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 19:57:18.0192 4068 exfat - ok 19:57:18.0208 4068 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:57:18.0255 4068 fastfat - ok 19:57:18.0301 4068 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 19:57:18.0379 4068 Fax - ok 19:57:18.0395 4068 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:57:18.0411 4068 fdc - ok 19:57:18.0426 4068 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 19:57:18.0473 4068 fdPHost - ok 19:57:18.0473 4068 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 19:57:18.0520 4068 FDResPub - ok 19:57:18.0520 4068 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:57:18.0535 4068 FileInfo - ok 19:57:18.0551 4068 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:57:18.0582 4068 Filetrace - ok 19:57:18.0598 4068 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:57:18.0613 4068 flpydisk - ok 19:57:18.0645 4068 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:57:18.0660 4068 FltMgr - ok 19:57:18.0691 4068 [ 
5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 19:57:18.0738 4068 FontCache - ok 19:57:18.0785 4068 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:57:18.0801 4068 FontCache3.0.0.0 - ok 19:57:18.0816 4068 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:57:18.0832 4068 FsDepends - ok 19:57:18.0863 4068 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:57:18.0863 4068 Fs_Rec - ok 19:57:18.0894 4068 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:57:18.0910 4068 fvevol - ok 19:57:18.0941 4068 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:57:18.0957 4068 gagp30kx - ok 19:57:18.0972 4068 [ 7508FCFB8D93556213F530DFFAEDEC45 ] GearAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys 19:57:18.0972 4068 GearAspiWDM - ok 19:57:19.0019 4068 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 19:57:19.0066 4068 gpsvc - ok 19:57:19.0081 4068 [ AF84E64405113B84CEA7B57FA6368DC7 ] hcw85cir C:\Windows\system32\drivers\hcw85cir3.sys 19:57:19.0113 4068 hcw85cir - ok 19:57:19.0144 4068 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:57:19.0191 4068 HdAudAddService - ok 19:57:19.0222 4068 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:57:19.0237 4068 HDAudBus - ok 19:57:19.0269 4068 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:57:19.0284 4068 HidBatt - ok 19:57:19.0300 4068 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:57:19.0315 4068 HidBth - ok 19:57:19.0347 4068 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:57:19.0362 4068 HidIr - ok 19:57:19.0393 4068 [ BD9EB3958F213F96B97B1D897DEE006D 
] hidserv C:\Windows\system32\hidserv.dll 19:57:19.0440 4068 hidserv - ok 19:57:19.0471 4068 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 19:57:19.0487 4068 HidUsb - ok 19:57:19.0503 4068 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:57:19.0565 4068 hkmsvc - ok 19:57:19.0596 4068 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:57:19.0627 4068 HomeGroupListener - ok 19:57:19.0643 4068 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:57:19.0659 4068 HomeGroupProvider - ok 19:57:19.0690 4068 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:57:19.0690 4068 HpSAMD - ok 19:57:19.0737 4068 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:57:19.0783 4068 HTTP - ok 19:57:19.0783 4068 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:57:19.0799 4068 hwpolicy - ok 19:57:19.0830 4068 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:57:19.0830 4068 i8042prt - ok 19:57:19.0861 4068 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:57:19.0893 4068 iaStorV - ok 19:57:19.0924 4068 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:57:19.0955 4068 idsvc - ok 19:57:20.0064 4068 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 19:57:20.0189 4068 igfx - ok 19:57:20.0205 4068 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:57:20.0205 4068 iirsp - ok 19:57:20.0251 4068 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 19:57:20.0298 4068 IKEEXT - ok 19:57:20.0376 4068 [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 19:57:20.0423 
4068 IntcAzAudAddService - ok 19:57:20.0454 4068 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 19:57:20.0470 4068 intelide - ok 19:57:20.0485 4068 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:57:20.0517 4068 intelppm - ok 19:57:20.0532 4068 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:57:20.0579 4068 IPBusEnum - ok 19:57:20.0595 4068 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:57:20.0657 4068 IpFilterDriver - ok 19:57:20.0704 4068 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:57:20.0766 4068 iphlpsvc - ok 19:57:20.0797 4068 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:57:20.0813 4068 IPMIDRV - ok 19:57:20.0844 4068 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:57:20.0891 4068 IPNAT - ok 19:57:20.0907 4068 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:57:20.0953 4068 IRENUM - ok 19:57:20.0985 4068 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:57:21.0000 4068 isapnp - ok 19:57:21.0016 4068 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:57:21.0031 4068 iScsiPrt - ok 19:57:21.0063 4068 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 19:57:21.0078 4068 kbdclass - ok 19:57:21.0094 4068 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 19:57:21.0125 4068 kbdhid - ok 19:57:21.0156 4068 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:57:21.0156 4068 KeyIso - ok 19:57:21.0187 4068 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:57:21.0203 4068 KSecDD - ok 19:57:21.0219 4068 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg 
19:57:36.0990 4068 Scan finished 19:57:36.0990 3860 Detected object count: 0 19:57:36.0990 3860 Actual detected object count: 0 |
23.12.2012, 20:10 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as: Quote:
23.12.2012, 20:52 | #7 |
| ComboFix logfile:
Code:
ComboFix 12-12-23.01 - Amalia 23.12.2012 20:17:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2846 [GMT 1:00]
ausgeführt von:: c:\users\Amalia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Amalia\4.0
c:\users\Amalia\AppData\Roaming\chrtmp
c:\users\Amalia\AppData\Roaming\instplugin\toOLbar.dll
c:\users\Amalia\AppData\Roaming\Yhzul
c:\users\Amalia\AppData\Roaming\Yhzul\umavg.exe
c:\windows\IsUn0407.exe
D:\Uninstall.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-23 bis 2012-12-23 ))))))))))))))))))))))))))))))
.
.
2012-12-23 19:22 . 2012-12-23 19:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-22 16:19 . 2012-12-22 16:19 -------- d-----w- c:\users\Amalia\AppData\Roaming\Malwarebytes
2012-12-22 16:19 . 2012-12-22 16:19 -------- d-----w- c:\programdata\Malwarebytes
2012-12-22 16:19 . 2012-12-22 16:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-22 16:19 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-22 15:15 . 2012-12-23 19:04 -------- d-----w- c:\users\Amalia\AppData\Roaming\Yges
2012-12-22 15:15 . 2012-12-22 15:15 -------- d-----w- c:\users\Amalia\AppData\Roaming\Opovr
2012-12-22 06:07 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB7C7936-96C4-4915-81CD-2BE9D7CCD98D}\mpengine.dll
2012-12-21 06:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 06:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 06:41 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 06:40 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 06:40 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-04 16:40 . 2012-12-04 16:40 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 06:54 . 2010-03-05 12:03 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 15:20 . 2012-05-12 16:13 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 15:20 . 2012-01-12 16:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-03 15:47 . 2012-10-10 20:23 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-03 15:47 . 2012-10-10 20:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-10-10 20:23 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-10-10 20:23 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2012-10-10 20:23 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2012-10-10 20:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-10-10 20:22 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-02-09 20:43 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-01 05:49 . 2009-07-14 13:08 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2009-07-14 13:08 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2009-07-14 13:08 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2009-07-14 13:08 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2009-07-14 13:08 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2009-07-14 13:08 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-16 08:38 . 2012-11-28 05:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 05:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 05:34 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 04:07 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 04:07 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 04:07 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 04:07 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 06:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 04:07 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 04:07 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 04:07 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 04:07 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 04:07 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 04:07 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 04:07 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 04:07 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 04:07 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 04:07 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 04:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-15 04:06 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 04:06 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18 1519824 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\users\Amalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
CurseClientStartup.ccip [2012-6-25 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-9-22 2351104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-11-22 10733184]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 15:20]
.
2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000Core.job
- c:\users\Amalia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 17:31]
.
2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000UA.job
- c:\users\Amalia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 17:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=be11822c00000000000000199977be0c
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: IE: amazon Suche - D:\Searchamazon.htm
IE: amazon Suche starten - D:\Searchamazon.htm
IE: eBay - Mein eBay - D:\SearchEbaymein.htm
IE: eBay - Powersuche - D:\SearchEbaypower.htm
IE: eBay - Startseite - D:\SearchEbay.htm
IE: eBay Suche starten - D:\SearchEbay.htm
IE: Free YouTube to MP3 Converter - c:\users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Suche - D:\SearchGoogle.htm
IE: Google Suche starten - D:\SearchGoogle.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 83.169.184.161 83.169.184.225
FF - ProfilePath - c:\users\Amalia\AppData\Roaming\Mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2012-12-06 18:38; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-12-22 17:19; toolbar@web.de; c:\users\Amalia\AppData\Roaming\Mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\extensions\toolbar@web.de.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
Toolbar-Locked - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - c:\users\Amalia\AppData\Roaming\instplugin\toolbar.dll
Wow6432Node-HKCU-Run-Emxuol - c:\users\Amalia\AppData\Roaming\Yhzul\umavg.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2} - D:\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-23 20:25:49
ComboFix-quarantined-files.txt 2012-12-23 19:25
.
Vor Suchlauf: 9 Verzeichnis(se), 272.660.791.296 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 272.601.444.352 Bytes frei
.
- - End Of File - - 5155BCEF4C93FE0B545BF09063E0B5FE
|
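Editor's note, with an added example that is neither the poster's nor the helper's code and not ComboFix output: the ComboFix log above is worth reading for two things. First, both leftover persistence points sit in the user's Roaming profile rather than in Program Files (the HKCU Run value Emxuol pointing at Yhzul\umavg.exe, and the toolbar DLL in instplugin); that is the location pattern to look at first in any Run-key listing. Second, the Firefox profile carries a user.js that pins security.warn_viewing_mixed and security.warn_submit_insecure to false. user.js is re-applied on every Firefox start, so values set there cannot be changed back from the browser UI, which is how toolbars keep their settings in place. The script below triages lines copied from the log with exactly those two rules. The classification of autostart paths (user profile first, then bare executables in the Windows root such as tsnp325.exe, then everything else) and the list of "insecure" preference values are my assumptions, not anything stated in the thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the ComboFix log above: HKLM/HKCU Run values, the
# "Entfernte verwaiste Registrierungseinträge" block and Firefox user.js prefs.
COMBOFIX_LINES = r"""
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
Wow6432Node-HKCU-Run-Emxuol - c:\users\Amalia\AppData\Roaming\Yhzul\umavg.exe
Toolbar-{DFEFCDEE-CF1A-4FC8-89AF-189327213627} - c:\users\Amalia\AppData\Roaming\instplugin\toolbar.dll
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
"""

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN = re.compile(r'^(?P<key>\S+) - (?P<path>[a-zA-Z]:\\.+)$')
FF_PREF = re.compile(r'^FF - (?P<file>user|prefs)\.js: (?P<pref>\S+) - (?P<value>.+)$')

# Assumption (my rule, not from the thread): an autostart that lives in a
# user-writable profile directory is the first thing to inspect, because that
# is where both samples in this thread lived (AppData\Roaming\Yhzul and
# AppData\Roaming\instplugin).
def classify_path(path):
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "appdata" in parts or "users" in parts:
        return "user-profile"
    # e.g. c:\windows\tsnp325.exe: an executable dropped directly into the
    # Windows root, outside system32 and without a vendor folder
    if len(parts) == 3 and parts[1] == "windows":
        return "windows-root"
    return "ok"

# Preferences that only ever appear in a user.js to weaken the browser;
# the value is the one that disables the warning.
INSECURE_PREFS = {
    "security.warn_viewing_mixed": "false",
    "security.warn_viewing_mixed.show_once": "false",
    "security.warn_submit_insecure": "false",
    "security.warn_submit_insecure.show_once": "false",
}

def triage(text):
    """Bucket autostart entries by location and list user.js-pinned prefs."""
    report = {"user-profile": [], "windows-root": [], "ok": [],
              "ff_pinned": [], "ff_downgraded": []}
    for line in text.strip().splitlines():
        m = RUN_VALUE.match(line) or ORPHAN.match(line)
        if m:
            name = m.group("name") if "name" in m.groupdict() else m.group("key")
            report[classify_path(m.group("path"))].append((name, m.group("path")))
            continue
        m = FF_PREF.match(line)
        # only user.js matters: prefs.js is what the UI writes, user.js overrides it
        if m and m.group("file") == "user":
            pref, value = m.group("pref"), m.group("value")
            report["ff_pinned"].append(pref)
            if INSECURE_PREFS.get(pref) == value:
                report["ff_downgraded"].append(pref)
    return report

if __name__ == "__main__":
    for bucket, items in triage(COMBOFIX_LINES).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Run as is, the two profile-resident entries land in the user-profile bucket, the two webcam helpers in the Windows root land in windows-root for manual review, and the two security.warn_* prefs are reported as downgraded; cookieBehavior and clearOnShutdown are merely pinned (they match Firefox defaults) and are listed only so one can see everything the user.js forces.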
23.12.2012, 20:59 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
AdwCleaner - find toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If AdwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
23.12.2012, 21:31 | #9 |
| Code:
# AdwCleaner v2.101 - Datei am 23/12/2012 um 21:30:33 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Amalia - AMALIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Amalia\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Amalia\AppData\Local\APN
Ordner Gefunden : C:\Users\Amalia\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Amalia\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Amalia\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Amalia\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Amalia\AppData\Roaming\instplugin
Ordner Gefunden : C:\Users\UpdatusUser\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\UpdatusUser\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=be11822c00000000000000199977be0c
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default-1356193177807 [Profil par défaut]
Datei : C:\Users\Amalia\AppData\Roaming\Mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6048 octets] - [23/12/2012 21:30:33]

########## EOF - C:\AdwCleaner[R1].txt - [6108 octets] ##########
|
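Editor's note, with an added example that is not part of the thread and not AdwCleaner's own code: two checks worth running over an AdwCleaner [Suche] report before and after the [Löschen] run. First, group registry items by the GUID they carry; that makes the Ask toolbar CLSID {D4027C7F-154A-4066-A1AD-4243D8127440} visible as one component registered three ways (COM class under Classes\CLSID, a Browser Helper Object, and an IE Toolbar value), which is what a BHO-based toolbar looks like. Second, diff what the search run found against what the delete run posted later in this thread reports as removed. A naive diff flags the three SearchScopes keys under HKU\S-1-5-21-...-1000 as leftovers, because the search run lists them both under HKCU and under the user's SID while the delete run reports them once. The script folds the HKU view onto HKCU, on the assumption (suggested by the identical GUIDs under both, but not stated in the thread) that S-1-5-21-1634775548-2055541098-4236926659-1000 is the logged-on user's SID. The excerpts below are copied from the two logs, not constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Excerpts copied from the AdwCleaner [Suche] report (R1) above and from the
# [Löschen] run (S1) posted later in the thread.
R1_SEARCH = r"""
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Users\Amalia\AppData\Roaming\instplugin
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=be11822c00000000000000199977be0c
"""

S1_DELETE = r"""
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Users\Amalia\AppData\Roaming\instplugin
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=be11822c00000000000000199977be0c --> hxxp://www.google.com
"""

# Assumption: this is the SID of the logged-on user, so HKU\<SID> and HKCU are
# two views of the same hive.
USER_SID = "S-1-5-21-1634775548-2055541098-4236926659-1000"

RECORD = re.compile(r"^(?P<kind>Datei|Ordner|Schlüssel|Wert) (?P<status>Gefunden|Gelöscht) : (?P<item>.+)$")
PAGE = re.compile(r"^(?:Ersetzt : )?\[(?P<key>[^\]]+)\] = (?P<url>\S+)")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def canonical(item):
    """Fold the HKU\\<SID> view of the current user's hive onto HKCU."""
    return item.replace("HKU\\" + USER_SID + "\\", "HKCU\\", 1)

def parse_report(text, fold_hku=True):
    """Return ({item: (kind, status)}, [(browser key, url)]) for one report."""
    records, pages = {}, []
    for line in text.strip().splitlines():
        m = RECORD.match(line)
        if m:
            item = canonical(m.group("item")) if fold_hku else m.group("item")
            records[item] = (m.group("kind"), m.group("status"))
            continue
        m = PAGE.match(line)
        if m:
            pages.append((m.group("key"), m.group("url")))
    return records, pages

def guid_index(records):
    """Group every item by the GUID it carries, so one CLSID registered as a
    COM class, as a BHO and as an IE Toolbar value is seen as one component."""
    index = defaultdict(list)
    for item in records:
        for g in set(GUID.findall(item)):
            index[g.upper()].append(item)
    return dict(index)

def leftovers(search_text, delete_text, fold_hku=True):
    """Items the search run found that the delete run does not report as removed."""
    found, _ = parse_report(search_text, fold_hku)
    deleted, _ = parse_report(delete_text, fold_hku)
    return sorted(item for item, (_, status) in found.items()
                  if status == "Gefunden" and item not in deleted)

def page_hosts(text):
    """AdwCleaner defangs URLs as hxxp; restore the scheme only to read the host."""
    _, pages = parse_report(text)
    return [(key, urlsplit(url.replace("hxxp", "http", 1)).hostname) for key, url in pages]

if __name__ == "__main__":
    found, _ = parse_report(R1_SEARCH)
    for guid, items in guid_index(found).items():
        print(guid, "->", len(items), "registrations")
    print("raw leftovers:   ", leftovers(R1_SEARCH, S1_DELETE, fold_hku=False))
    print("folded leftovers:", leftovers(R1_SEARCH, S1_DELETE))
    print("start pages:     ", page_hosts(R1_SEARCH))
```

With the HKU view folded, nothing found in R1 is missing from S1; without folding, the SearchScopes key under the SID is reported as a false leftover. The same folding is needed for any tool that enumerates both HKCU and HKU\<SID> for the logged-on user.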
23.12.2012, 21:55 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
AdwCleaner - remove toolbars and unwanted start/search pages
Then a check with OTL, please:
__________________ Please always post logfiles in CODE tags |
23.12.2012, 22:22 | #11 |
| Round 1 - adw
# AdwCleaner v2.101 - Datei am 23/12/2012 um 22:17:12 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Amalia - AMALIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Amalia\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Amalia\AppData\Local\APN
Ordner Gelöscht : C:\Users\Amalia\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Amalia\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Amalia\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Amalia\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Amalia\AppData\Roaming\instplugin
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\UpdatusUser\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=be11822c00000000000000199977be0c --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default-1356193177807 [Profil par défaut]
Datei : C:\Users\Amalia\AppData\Roaming\Mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\prefs.js
C:\Users\Amalia\AppData\Roaming\Mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6161 octets] - [23/12/2012 21:30:33]
AdwCleaner[S1].txt - [5810 octets] - [23/12/2012 22:17:12]

########## EOF - C:\AdwCleaner[S1].txt - [5870 octets] ##########

Code:
OTL logfile created on: 23.12.2012 22:24:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amalia\Desktop\Anwendungen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,19% Memory free
8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 253,98 Gb Free Space | 84,66% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 539,50 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 606,14 Gb Free Space | 96,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Amalia\Desktop\Anwendungen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\vsnp325.exe ()
MOD - C:\Windows\tsnp325.exe ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) --
C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SNP325) -- C:\Windows\SysNative\drivers\snp325.sys (Sonix Co. Ltd.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A4F3E31-641E-4F75-B017-9B931AA6BB6E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{5F59A8CE-D2B8-45D6-9204-8DAEF870D309}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data] IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23 IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26 IE - 
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23 IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26 IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23 IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26 IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,? 
= %3F IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23 IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26 IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{15B4B87A-2861-4246-8E8B-1597293E3F16}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{297F7C10-951E-4F69-9E9F-30FA301B3E00}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10399&src=crm&q={searchTerms}&locale=de_NL&apn_ptnrs=^ABX&apn_dtid=^YYYYYY^YY^NL&apn_uid=bc48a339-2861-41cb-98eb-763bf62b7128&apn_sauid=5486F1A9-363B-4610-985E-7FBE7E72CD3D IE - 
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{4BBF489A-0EF5-4F2D-9F10-6BDF06A37AE1}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{59232AD8-C372-4ABF-9A95-6D178D3606BB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8E256A99-D1CD-4775-8174-10E6C012BCC8}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8EE1426C-AD21-4249-A822-8F5D45920740}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: 
C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amalia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: 
C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.07.01 13:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Extensions [2012.12.22 17:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\extensions [2012.12.22 17:51:06 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\firefox\profiles\hgcsgmew.default-1356193177807\extensions\toolbar@web.de.xpi [2012.12.06 18:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.06 18:38:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.06 18:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.12.06 18:38:24 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de [2012.12.06 18:38:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.16 06:35:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.16 09:53:37 | 000,000,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- 
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.23 20:23:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - D:\IEButtonAmazonInterface.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - D:\IEButtonEbayInterface.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe () O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Amalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: amazon Suche - D:\Searchamazon.htm () O8:64bit: - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm () O8:64bit: - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm () O8:64bit: - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm () O8:64bit: - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm () O8:64bit: - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Suche - D:\SearchGoogle.htm () O8:64bit: - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: amazon Suche - D:\Searchamazon.htm () O8 - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm () O8 - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm () O8 - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm () O8 - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm () O8 - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Suche - D:\SearchGoogle.htm () O8 - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - 
res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CE6E1C-4D7C-4B32-AA8B-3D5F48CC0C9B}: DhcpNameServer = 83.169.184.161 83.169.184.225 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.23 22:19:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.23 20:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.23 20:16:28 | 000,518,144 | ---- | C] (SteelWerX) -- 
C:\Windows\SWREG.exe [2012.12.23 20:16:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.23 20:16:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.23 20:16:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.23 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.23 20:14:58 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Amalia\Desktop\ComboFix.exe [2012.12.23 19:41:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe [2012.12.23 19:39:26 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe [2012.12.22 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Malwarebytes [2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.22 17:19:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.22 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.22 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Yges [2012.12.22 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Opovr [2012.12.21 07:41:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 07:41:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 07:41:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 07:41:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.13 07:52:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.13 07:52:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.13 07:52:50 | 000,248,320 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.13 07:52:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.13 07:52:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.13 07:52:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.13 07:52:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.13 07:52:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.13 07:52:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.13 07:52:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.13 07:52:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.13 07:52:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.13 07:52:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.13 07:52:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.13 07:52:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.13 07:41:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.13 07:41:04 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.13 07:41:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.13 07:41:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.13 07:41:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.13 07:41:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.13 07:41:03 | 
000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.13 07:41:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.13 07:41:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.13 07:41:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.13 07:41:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.13 07:41:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.13 07:41:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.13 07:41:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.13 07:41:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 07:41:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.13 07:41:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 
[2012.12.13 07:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.13 07:41:01 | 000,002,048 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.13 07:40:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.13 07:40:54 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.08 12:45:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012.12.08 12:45:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.12.08 12:45:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.12.08 12:45:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012.12.08 12:45:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012.12.08 12:45:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012.12.08 12:45:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012.12.08 12:45:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012.12.08 12:45:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012.12.08 12:45:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012.12.08 12:45:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012.12.08 12:45:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012.12.08 12:45:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012.12.08 12:45:38 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012.12.08 12:45:38 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll 
[2012.12.08 12:45:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012.12.08 12:45:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012.12.08 12:45:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012.12.08 12:45:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012.12.08 12:45:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012.12.08 12:45:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012.12.08 12:45:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012.12.08 12:45:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012.12.08 12:45:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012.12.08 12:45:01 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.12.08 12:45:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.12.06 18:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.04 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.12.04 17:37:53 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2012.12.04 17:37:53 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012.12.04 17:37:53 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012.12.04 17:37:52 | 026,811,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.12.04 17:37:52 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.12.04 17:37:52 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysWow64\nvoglv32.dll [2012.12.04 17:37:52 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.12.04 17:37:52 | 009,271,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.12.04 17:37:52 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.12.04 17:37:52 | 007,446,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.12.04 17:37:52 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.12.04 17:37:52 | 002,784,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.12.04 17:37:52 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.12.04 17:37:52 | 002,226,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.12.04 17:37:52 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.12.04 17:37:10 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.11.30 22:43:52 | 000,438,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files - Modified Within 30 Days ========== [2012.12.23 22:26:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.23 22:26:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.23 22:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.23 22:18:26 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys [2012.12.23 21:29:58 | 000,547,175 | ---- | M] () -- C:\Users\Amalia\Desktop\adwcleaner.exe [2012.12.23 20:23:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.23 20:15:07 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Amalia\Desktop\ComboFix.exe [2012.12.23 19:41:29 | 002,213,976 | ---- | M] 
(Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe [2012.12.23 19:40:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe [2012.12.23 19:36:02 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000UA.job [2012.12.23 19:36:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000Core.job [2012.12.22 17:20:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.22 17:20:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.22 17:20:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.22 17:20:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.22 17:20:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.21 13:56:08 | 000,427,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.12 16:20:16 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.12 16:20:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.03 16:47:14 | 026,811,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.12.03 16:47:14 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.12.03 16:47:14 | 020,335,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.12.03 16:47:14 | 018,045,968 | ---- | 
M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.12.03 16:47:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.12.03 16:47:14 | 015,122,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.12.03 16:47:14 | 015,016,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.12.03 16:47:14 | 012,603,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.12.03 16:47:14 | 009,271,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.12.03 16:47:14 | 007,819,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.12.03 16:47:14 | 007,446,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.12.03 16:47:14 | 006,149,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.12.03 16:47:14 | 002,816,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.12.03 16:47:14 | 002,784,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.12.03 16:47:14 | 002,606,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.12.03 16:47:14 | 002,496,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.12.03 16:47:14 | 002,226,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.12.03 16:47:14 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.12.03 16:47:14 | 001,805,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.12.03 16:47:14 | 001,504,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.01 06:49:26 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.12.01 06:49:25 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- 
C:\Windows\SysNative\nvmctray.dll [2012.12.01 06:49:25 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.12.01 06:48:41 | 006,223,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.12.01 06:48:37 | 003,311,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.11.30 22:43:52 | 000,438,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files Created - No Company Name ========== [2012.12.23 21:29:52 | 000,547,175 | ---- | C] () -- C:\Users\Amalia\Desktop\adwcleaner.exe [2012.12.23 20:16:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.23 20:16:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.23 20:16:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.23 20:16:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.23 20:16:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.05.01 10:32:26 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2012.03.30 17:06:11 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe [2012.03.30 17:06:11 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe [2012.03.30 17:06:11 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll [2012.03.30 17:06:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpx32.dll [2012.03.30 17:06:11 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini [2012.03.30 16:48:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll [2012.03.30 16:48:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll [2011.12.17 14:37:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.12.17 14:33:15 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2010.05.06 20:40:15 | 000,000,017 | ---- | C] () -- C:\Users\Amalia\AppData\Local\resmon.resmoncfg [2010.05.04 18:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check 
========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
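The "Files Created" and "Files Modified" listings above are what an analyst has to triage by eye. As an added example that is not part of the original post or of OTL itself, the Python script below parses OTL file entries (including forum pastes where the lines were run together) and flags the binaries worth a second look: no company name in the version info, executables under a user-writable tree, executables dropped directly into C:\Windows. The sample input is copied from the listing above; the scan time is taken from the OTL header of the second run further down; the flagging rules are my own assumptions, not OTL's.

```python
"""Triage helper for OTL 'Files Created / Modified' listings.

Added example for this thread, not a tool from the OTL author or the forum.
It parses entries of the form
    [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company) -- path
and flags loadable binaries an analyst should look at first.  The sample
input below is copied from the posted log; the scoring rules are assumptions
of this example, not OTL's.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# One OTL entry; the lookahead stops the path at end of line, at the next
# "[YYYY.MM.DD" entry (run-together forum paste) or at a "=====" section header.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)(?=\s+\[\d{4}\.\d{2}\.\d{2} |\s+={3,}|\s*$)",
    re.MULTILINE,
)

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str              # R/H/S/D flags, '-' when unset
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None for directories, "" when OTL printed () or ( )
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_otl(text: str) -> List[Entry]:
    """Extract file entries; works on one-per-line logs and on pastes
    where the lines were run together."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        company = m.group("company")
        entries.append(Entry(
            timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attr"),
            kind=m.group("kind"),
            company=None if company is None else company.strip(),
            path=m.group("path").strip(),
        ))
    return entries


def triage(entries: List[Entry], scan_time: datetime, recent_days: int = 30) -> List[Entry]:
    """Return the entries worth a second look, with the reasons attached.

    Strong signals (any one flags the entry): no company name in the version
    info, executable under a user-writable tree, executable dropped directly
    into C:\\Windows.  Hidden/system attributes and recency only add context,
    because Windows 7 ships hidden api-ms-win-*.dll stubs in System32.
    """
    flagged = []
    for e in entries:
        p = e.path.lower()
        if "D" in e.attrs or not p.endswith(EXEC_EXT):
            continue  # directories and plain data files are not loadable code
        strong = []
        if e.company == "":
            strong.append("no company name in version info")
        if p.startswith(USER_WRITABLE):
            strong.append("executable in user-writable location")
        if p.startswith("c:\\windows\\") and p.count("\\") == 2:
            strong.append("executable dropped directly in C:\\Windows")
        if not strong:
            continue
        context = []
        if "H" in e.attrs or "S" in e.attrs:
            context.append("hidden/system attribute")
        if (scan_time - e.timestamp).days <= recent_days:
            context.append(f"touched within the last {recent_days} days")
        e.reasons = strong + context
        flagged.append(e)
    return flagged


def report(text: str, scan_time: datetime) -> List[str]:
    """One line per flagged entry: 'path: reason; reason'."""
    return [f"{e.path}: {'; '.join(e.reasons)}" for e in triage(parse_otl(text), scan_time)]


# Sample input: lines copied from the OTL log posted in this thread.
# The scan time is the "OTL logfile created on" value of the second run.
SCAN_TIME = datetime(2012, 12, 23, 22, 24, 35)
SAMPLE_LOG = r"""
[2012.12.23 20:16:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.23 20:16:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 20:14:58 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Amalia\Desktop\ComboFix.exe
[2012.12.22 17:19:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 07:41:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.23 22:18:26 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 21:29:52 | 000,547,175 | ---- | C] () -- C:\Users\Amalia\Desktop\adwcleaner.exe
[2012.03.30 17:06:11 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.03.30 17:06:11 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll
[2010.05.04 18:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG, SCAN_TIME):
        print(line)
```

Run stand-alone it prints one line per flagged file. The cleanup tools the poster downloaded (ComboFix, adwcleaner, the SteelWerX helper ComboFix drops into C:\Windows) are flagged too: the rules are deliberately location- and metadata-based rather than a whitelist, so the analyst still has to match each hit against what they know was installed on purpose. The webcam files vsnp325.exe and rsnp325.dll show what a no-company-name hit looks like on an old, probably legitimate driver package.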
23.12.2012, 22:34 | #12 |
| Virus "Deutsche Post" request to collect a shipment
OTL logfile created on: 23.12.2012 22:24:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amalia\Desktop\Anwendungen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,19% Memory free
8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 253,98 Gb Free Space | 84,66% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 539,50 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 606,14 Gb Free Space | 96,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Amalia\Desktop\Anwendungen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\vsnp325.exe ()
MOD - C:\Windows\tsnp325.exe ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SNP325) -- C:\Windows\SysNative\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A4F3E31-641E-4F75-B017-9B931AA6BB6E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5F59A8CE-D2B8-45D6-9204-8DAEF870D309}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{15B4B87A-2861-4246-8E8B-1597293E3F16}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{297F7C10-951E-4F69-9E9F-30FA301B3E00}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10399&src=crm&q={searchTerms}&locale=de_NL&apn_ptnrs=^ABX&apn_dtid=^YYYYYY^YY^NL&apn_uid=bc48a339-2861-41cb-98eb-763bf62b7128&apn_sauid=5486F1A9-363B-4610-985E-7FBE7E72CD3D
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{4BBF489A-0EF5-4F2D-9F10-6BDF06A37AE1}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{59232AD8-C372-4ABF-9A95-6D178D3606BB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8E256A99-D1CD-4775-8174-10E6C012BCC8}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\SearchScopes\{8EE1426C-AD21-4249-A822-8F5D45920740}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:
C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Amalia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 18:38:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 18:38:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 17:07:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: 
C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.07.01 13:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Extensions [2012.12.22 17:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\extensions [2012.12.22 17:51:06 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\Amalia\AppData\Roaming\mozilla\firefox\profiles\hgcsgmew.default-1356193177807\extensions\toolbar@web.de.xpi [2012.12.06 18:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.06 18:38:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.06 18:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.12.06 18:38:24 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de [2012.12.06 18:38:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.16 06:35:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.16 09:53:37 | 000,000,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- 
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.23 20:23:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - D:\IEButtonAmazonInterface.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - D:\IEButtonEbayInterface.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe () O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Amalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1634775548-2055541098-4236926659-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: amazon Suche - D:\Searchamazon.htm () O8:64bit: - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm () O8:64bit: - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm () O8:64bit: - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm () O8:64bit: - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm () O8:64bit: - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Suche - D:\SearchGoogle.htm () O8:64bit: - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: amazon Suche - D:\Searchamazon.htm () O8 - Extra context menu item: amazon Suche starten - D:\Searchamazon.htm () O8 - Extra context menu item: eBay - Mein eBay - D:\SearchEbaymein.htm () O8 - Extra context menu item: eBay - Powersuche - D:\SearchEbaypower.htm () O8 - Extra context menu item: eBay - Startseite - D:\SearchEbay.htm () O8 - Extra context menu item: eBay Suche starten - D:\SearchEbay.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Amalia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Suche - D:\SearchGoogle.htm () O8 - Extra context menu item: Google Suche starten - D:\SearchGoogle.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - 
res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65CE6E1C-4D7C-4B32-AA8B-3D5F48CC0C9B}: DhcpNameServer = 83.169.184.161 83.169.184.225 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.23 22:19:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.23 20:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 20:16:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.23 20:16:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.23 20:16:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 20:16:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 20:16:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 20:14:58 | 005,012,686 | R--- | C] (Swearware) -- C:\Users\Amalia\Desktop\ComboFix.exe
[2012.12.23 19:41:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe
[2012.12.23 19:39:26 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe
[2012.12.22 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Malwarebytes
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 17:19:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.22 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.22 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Yges
[2012.12.22 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amalia\AppData\Roaming\Opovr
[2012.12.21 07:41:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 07:41:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 07:41:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 07:41:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 07:52:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 07:52:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 07:52:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 07:52:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 07:52:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 07:52:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 07:52:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 07:52:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 07:52:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 07:52:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 07:52:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 07:52:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 07:52:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 07:52:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 07:52:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 07:41:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 07:41:04 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 07:41:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 07:41:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 07:41:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 07:41:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 07:41:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 07:41:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 07:41:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 07:41:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 07:41:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 07:41:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 07:41:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 07:41:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 07:41:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 07:41:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 07:41:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 07:41:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 07:41:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 07:41:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 07:41:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 07:40:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 07:40:54 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.08 12:45:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.12.08 12:45:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.12.08 12:45:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.12.08 12:45:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.12.08 12:45:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.12.08 12:45:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.12.08 12:45:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.12.08 12:45:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.12.08 12:45:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.12.08 12:45:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.12.08 12:45:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.12.08 12:45:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.12.08 12:45:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.12.08 12:45:38 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.12.08 12:45:38 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.12.08 12:45:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.12.08 12:45:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.12.08 12:45:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.12.08 12:45:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.12.08 12:45:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.12.08 12:45:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.12.08 12:45:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.12.08 12:45:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.12.08 12:45:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.12.08 12:45:01 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.12.08 12:45:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.12.06 18:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.04 17:37:53 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.12.04 17:37:53 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.12.04 17:37:53 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.12.04 17:37:52 | 026,811,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.04 17:37:52 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.04 17:37:52 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysWow64\nvoglv32.dll [2012.12.04 17:37:52 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.12.04 17:37:52 | 009,271,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.12.04 17:37:52 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.12.04 17:37:52 | 007,446,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.12.04 17:37:52 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.12.04 17:37:52 | 002,784,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.12.04 17:37:52 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.12.04 17:37:52 | 002,226,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.12.04 17:37:52 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.12.04 17:37:10 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.11.30 22:43:52 | 000,438,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files - Modified Within 30 Days ========== [2012.12.23 22:26:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.23 22:26:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.23 22:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.23 22:18:26 | 3219,984,384 | -HS- | M] () -- C:\hiberfil.sys [2012.12.23 21:29:58 | 000,547,175 | ---- | M] () -- C:\Users\Amalia\Desktop\adwcleaner.exe [2012.12.23 20:23:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.23 20:15:07 | 005,012,686 | R--- | M] (Swearware) -- C:\Users\Amalia\Desktop\ComboFix.exe [2012.12.23 19:41:29 | 002,213,976 | ---- | M] 
(Kaspersky Lab ZAO) -- C:\Users\Amalia\Desktop\tdsskiller.exe [2012.12.23 19:40:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Amalia\Desktop\aswMBR.exe [2012.12.23 19:36:02 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000UA.job [2012.12.23 19:36:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634775548-2055541098-4236926659-1000Core.job [2012.12.22 17:20:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.22 17:20:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.22 17:20:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.22 17:20:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.22 17:20:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.21 13:56:08 | 000,427,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.12 16:20:16 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.12 16:20:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.03 16:47:14 | 026,811,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.12.03 16:47:14 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.12.03 16:47:14 | 020,335,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.12.03 16:47:14 | 018,045,968 | ---- | 
M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.12.03 16:47:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.12.03 16:47:14 | 015,122,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.12.03 16:47:14 | 015,016,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.12.03 16:47:14 | 012,603,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.12.03 16:47:14 | 009,271,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.12.03 16:47:14 | 007,819,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.12.03 16:47:14 | 007,446,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.12.03 16:47:14 | 006,149,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.12.03 16:47:14 | 002,816,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.12.03 16:47:14 | 002,784,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.12.03 16:47:14 | 002,606,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.12.03 16:47:14 | 002,496,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.12.03 16:47:14 | 002,226,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.12.03 16:47:14 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.12.03 16:47:14 | 001,805,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.12.03 16:47:14 | 001,504,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.01 06:49:26 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.12.01 06:49:25 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- 
C:\Windows\SysNative\nvmctray.dll [2012.12.01 06:49:25 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.12.01 06:48:41 | 006,223,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.12.01 06:48:37 | 003,311,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.11.30 22:43:52 | 000,438,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files Created - No Company Name ========== [2012.12.23 21:29:52 | 000,547,175 | ---- | C] () -- C:\Users\Amalia\Desktop\adwcleaner.exe [2012.12.23 20:16:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.23 20:16:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.23 20:16:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.23 20:16:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.23 20:16:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.05.01 10:32:26 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2012.03.30 17:06:11 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe [2012.03.30 17:06:11 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe [2012.03.30 17:06:11 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll [2012.03.30 17:06:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpx32.dll [2012.03.30 17:06:11 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini [2012.03.30 16:48:11 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll [2012.03.30 16:48:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll [2011.12.17 14:37:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.12.17 14:33:15 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2010.05.06 20:40:15 | 000,000,017 | ---- | C] () -- C:\Users\Amalia\AppData\Local\resmon.resmoncfg [2010.05.04 18:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check 
==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
OTL Extras logfile created on: 23.12.2012 22:24:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Amalia\Desktop\Anwendungen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,19% Memory free
8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 253,98 Gb Free Space | 84,66% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 539,50 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 606,14 Gb Free Space | 96,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0153A012-A83E-4696-93EF-78471954BE3D}" = lport=138 | protocol=17 | dir=in | app=system | "{0330F4DD-7DC8-47CD-BB7D-8EFD361D44E6}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe | "{041D5C64-2301-4DA7-AE60-7ECBB0A7E1A8}" = rport=5357 | protocol=6 | dir=out | app=system | "{0623118B-7FF0-438A-88E8-4B1A4AD3E3A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{07E29018-88DC-403F-97E7-D7C22B74F33B}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe | "{149481D4-C49E-4031-9BF3-01FE7E66E968}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{14E1BC27-7CD1-4011-BB0C-EB9C530B0758}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{19573F3A-593F-4D5F-A520-9EBE61D74F5F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{1B8BC06A-BC29-40A8-8F82-DF3EDD9C0458}" = rport=139 | protocol=6 | dir=out | app=system | "{20B27E73-9F5E-47B2-B3E8-A928BBFA00B0}" = rport=5358 | protocol=6 | dir=out | app=system | "{218B14D2-5AC2-443B-8152-C07D82863621}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{22C75A9E-6205-4C63-A598-27704B7F0A3E}" = lport=5357 | protocol=6 | dir=in | app=system | "{248FB794-2CA9-46E3-ABDB-949E0618F5B2}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | "{266F16B1-A4F4-4713-92D3-341ED8D8D2B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2BA1623C-3221-400C-9AA9-2BEA5977B155}" = lport=443 | protocol=6 | dir=in | app=system | "{2D1843E7-CD9B-43DD-8486-E65B0FC6A537}" = rport=445 | protocol=6 | dir=out | app=system | "{2EBAE9E9-281A-48D2-B12D-13A334B5D7BF}" = lport=10245 | protocol=6 | dir=in | app=system | "{304D6EA1-F228-41E4-9B12-E1CE9F38A887}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe | "{309B415C-2AA2-4E83-9C0D-168EE44D3ACA}" = rport=1701 | protocol=17 | dir=out | app=system | "{3299CA7B-C5A3-431C-B7C2-B796A5A4BC78}" = lport=445 | protocol=6 | dir=in | app=system | "{3561E932-B6A7-44B9-969B-4AFA037B8F11}" = rport=137 | protocol=17 | dir=out | app=system | "{3806DFE1-DA05-4157-9EE0-F3E0A723F28C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3CAA85A2-38DB-466A-802F-4F9B968D0846}" = lport=1723 | protocol=6 | dir=in | app=system | "{44525CC5-1424-4876-B102-6A92F660E67D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{49C9DC27-29C6-4049-A1F4-5ABD7B57ACC4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{500902F4-B382-4F1C-AC50-6D5EB803B7E1}" = 
lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{59D6DDC3-F6CA-4D84-A614-85D988302C1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5F52CDC9-04D8-4610-AC86-3B8FC879867C}" = rport=1723 | protocol=6 | dir=out | app=system | "{6DA2723E-1658-495F-BE1F-3D421C96A334}" = lport=5985 | protocol=6 | dir=in | app=system | "{6E3893FB-313F-4358-B74A-8B4BE81EADE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | "{70F4E74B-4E15-4BED-B4C1-1B2A1C1FAEDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7166D1F6-82B8-4A4D-B68D-D189DD241CE8}" = lport=445 | protocol=6 | dir=in | app=system | "{72DE9C05-95DD-41F6-AAD4-FCCCF8F96EF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{791F1B98-BC4C-4C9A-816A-A03C62452130}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7AA3A99F-9E96-4FFD-89EF-72C757A38E26}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8146E82A-037B-41CC-8611-69DA711CE05C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{815E0B4E-6B6F-4EB7-A077-065D0AE82D33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | "{82858F5A-39D4-41AC-833D-FE8E6C8EA69F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{837AE6B8-85F0-4761-9EFE-6B7A32B99879}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | "{85D8634D-8310-4ED5-AD96-DD2508B0A826}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe | "{8B88D51A-8192-4E08-B1C1-970C1810D0F1}" = lport=10244 | protocol=6 | dir=in | app=system | "{8D36CD8E-9FB2-4781-A34E-AFED3F921D80}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | 
app=%systemroot%\system32\svchost.exe | "{8D8E4621-FCCD-468F-A712-729077152CAC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8E84F65E-6B11-40BA-ADE9-A3D2CF36FF7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9401BCD8-8C34-45C9-9356-9DD36CF3CE28}" = lport=445 | protocol=6 | dir=in | app=system | "{94286CC8-4494-4402-8A4E-C82DA8A8A6BA}" = lport=80 | protocol=6 | dir=in | app=system | "{9D4214AF-0F44-41EF-BD4E-C8E457130C82}" = lport=2869 | protocol=6 | dir=in | app=system | "{9D8BB10D-32A4-450C-906F-93A0B0BE37F6}" = lport=2869 | protocol=6 | dir=in | app=system | "{A2615FC9-682C-43F4-B309-14B13FEDDF34}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe | "{A54902FE-B6BA-484E-920B-0F4EED2B74C4}" = rport=138 | protocol=17 | dir=out | app=system | "{A83F7ABD-EC45-4695-92E8-66A00A64E33D}" = lport=139 | protocol=6 | dir=in | app=system | "{AAA54C37-E5A5-478E-9415-7E93CCC7748E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ADEEC9D1-BDCB-41D6-91AC-F3648B4C725C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B0CC6AD2-794D-44ED-B645-AC7F183FFCAD}" = lport=1701 | protocol=17 | dir=in | app=system | "{B0F51A19-F62C-4309-BB66-1E2D820F69B2}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe | "{B2D92BC4-8ACE-4D83-9190-0E95653C59FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | "{B4FE0105-FC18-49D2-BC63-B6709865656A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B637CAE5-826D-4072-BF66-B85FA857039B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{BEFE314B-7C55-44A6-AF4F-1EE72E365E29}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{BFF9C548-0A07-482D-94CB-3D8F21B5D6EE}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | "{C244656D-7439-4A1C-B7B8-733E6E69E171}" = lport=445 | protocol=6 | dir=in | app=system | "{CE9ECF38-777C-4311-AF19-F8E54D71BA64}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe | "{D48AF527-2134-4669-A304-C15749B74A4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | "{D5DBC691-4F5F-4B38-90E3-890D1308EB98}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D7DA73AF-8321-42E1-856E-C3ED0B06568A}" = lport=137 | protocol=17 | dir=in | app=system | "{D8DF24ED-CBB3-4D0C-B107-A2ACD9E7AFD4}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{E9505B57-97F0-4312-8879-971E5B5B738D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EFD79D64-E4EE-460D-8337-0E4FCEBDA78D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | "{F3A50E6E-4DB5-4FF6-AFF9-04FC21574420}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe | "{F77D1206-A014-4DAA-AAFE-8A4F72D6E540}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FCB2D2CC-C05C-4A38-9609-1F42D04068DA}" = lport=3390 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03240E39-F716-44A3-87B1-897C9CD34456}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{055C56C2-1D73-4654-8E6F-41D34F14B94A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0819228A-A41F-4227-B204-A5348C8394D0}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe | 
"{0BC6B742-4A87-486A-91D2-E811C23C0564}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0D9BBFCF-892B-4323-A7C4-5BDF900F3565}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{0EDF796C-2C75-487E-AAE8-D582A9FE5936}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1063A553-E15E-454D-B6B2-4591FDD06FB0}" = dir=in | app=c:\users\amalia\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{1515667F-004B-425C-AEC3-1F7126B0777D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{16B854BA-470B-4AB8-A4D5-70C6BD7A922D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{230EF796-44FA-4328-872F-7A0A806A730C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{35898413-ABB5-49F0-BB7B-CC7D12C38EDD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3D43A713-4EF1-44BC-9F51-F936345A7F43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{46EE5822-9ABF-4343-A9DB-9354797FF97D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4885A0F5-6C25-465A-815D-3E39F2C9F612}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4C42C775-3A92-4A29-A5D0-8D1B4F6A7B6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{4DF7099D-304B-40BF-A87D-568B34570538}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{4F42BCF2-E5AB-4B65-85C3-FC32C88E4703}" = protocol=17 | dir=in | app=c:\program files (x86)\fujitsu\launchcenter\launchcenter.exe | "{551EC3D8-183A-4BAB-AA0F-C69B4059910D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60DF8CD5-3B50-406A-AFE8-4EEBA0CC4E7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6517C735-F645-4F38-B41F-CF135468A0A7}" = protocol=6 | dir=in | app=c:\program files 
(x86)\microsoft office\office12\onenote.exe | "{6B66D56B-6471-4B0D-9136-B911DD136F37}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{73754468-5626-466F-8DF3-561DFEE74C95}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe | "{73E895F3-6123-436F-8FFF-392B00B55E73}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{748F7FED-22C3-4125-9DE9-E9E6A8F54D8C}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe | "{85210534-D8EF-41E3-903B-FC5EF0C52CAB}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe | "{8A7A1888-EEED-4ED7-86B6-203A3B4BBF86}" = protocol=6 | dir=in | app=c:\windows\system32\xpsrchvw.exe | "{8DBDBD99-06FB-433F-B82D-58CA537FF081}" = protocol=6 | dir=in | app=c:\program files (x86)\fujitsu\launchcenter\launchcenter.exe | "{8E2184A5-78DA-4CAF-83C9-3ACB5091871C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{930ADC0C-DEC8-48CB-A266-D91FD8C23993}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe | "{980E0017-9691-452E-BF9B-4D1350E70E4E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9833404E-5ACA-40F1-A695-E1355ACE0D16}" = protocol=17 | dir=in | app=c:\windows\system32\xpsrchvw.exe | "{98A7174F-C07D-4A3F-A002-F8B69F90E8BA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{9A22EE72-9CDE-477D-B8E9-FB6A2CCFD259}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A11FB719-EA23-41FD-BAAD-43C2AD22776E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A1E7B5A2-1370-457B-A76F-BE539599BA31}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A5C5D733-1917-4E51-9E76-57E38F464AB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A690EA88-792A-4D29-A9C8-E6B8C5A41503}" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{A71020A5-F5CC-491D-ADED-F0C43163B127}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe | "{A7E27397-D614-4E6C-B043-8F8D3181F1FE}" = protocol=47 | dir=in | app=system | "{A980C34B-FDE5-493D-B91C-E70744267DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{AC29A4A7-075D-461C-9F87-47AE8B943BE9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{BE6AE44B-EAC9-409B-AC42-0A7B556C91E3}" = protocol=47 | dir=out | app=system | "{BF24DD6B-62ED-41F4-811F-FBFF7E101301}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C4137874-5E55-4332-9BAA-71FB741ED727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E0E5D289-E0D7-4564-88A6-44D7FEBE32D9}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe | "{E2E68302-31CD-408F-8B7A-1B9C9FE03BED}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{E715E7AE-E284-4265-82A9-9EE6CACEF974}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F2F77838-0429-4CDD-926C-70056F8A41B6}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe | "{F6545452-E63C-4768-9AD9-732A0B958EFC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{FC683782-83E5-4DC3-A149-5538A8F9A2B8}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "TCP Query User{22B2BEE1-CACE-4E22-BFE7-A3ED87E8678E}E:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "TCP Query User{2AFEEEE3-8D60-424E-8EC0-F35F7B620F3B}C:\users\amalia\appdata\roaming\yhzul\umavg.exe" = protocol=6 | dir=in | app=c:\users\amalia\appdata\roaming\yhzul\umavg.exe | "TCP Query User{9D30C3DE-380F-4389-9EE3-7EEA74F6DC9E}E:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe" = protocol=6 | dir=in | 
app=e:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe | "UDP Query User{2E638314-4640-4767-A053-D185FAF51186}E:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe" = protocol=17 | dir=in | app=e:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe | "UDP Query User{4119BB55-74C8-4553-B8F0-4D1E74E35C73}E:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "UDP Query User{E6BF811A-3B5A-4F3E-B259-1965C75B312B}C:\users\amalia\appdata\roaming\yhzul\umavg.exe" = protocol=17 | dir=in | app=c:\users\amalia\appdata\roaming\yhzul\umavg.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = 
CCleaner "EPSON SX410 Series" = Druckerdeinstallation für EPSON SX410 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}" = teXXas "{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Don't Get Angry! 2_is1" = Don't Get Angry! 
2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206 "Haushaltsbuch2" = Softwarenetz Haushaltsbuch2 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PhotoScape" = PhotoScape "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "VLC media player" = VLC media player 1.1.4 "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "101a9f93b8f0bb6f" = Curse Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.12.2012 11:35:07 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 498 Startzeit: 01cde059de8cc110 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 283e5a81-4c4d-11e2-9ba9-00199977be0c Error - 22.12.2012 12:54:19 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6d0 Startzeit: 01cde064e0341710 Endzeit: 94 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 38124a61-4c58-11e2-b41d-00199977be0c Error - 22.12.2012 12:55:01 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c38 Startzeit: 01cde064fcf6bb00 Endzeit: 62 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 512ff291-4c58-11e2-b41d-00199977be0c Error - 22.12.2012 15:32:21 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11fc Startzeit: 01cde07aff676ec8 Endzeit: 124 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 4c0d8079-4c6e-11e2-b41d-00199977be0c Error - 23.12.2012 02:02:19 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002 Description = Programm thunderbird.exe, Version 17.0.0.4703 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 3dc Startzeit: 01cde0d2a24521b0 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: 4d738c71-4cc6-11e2-9e41-00199977be0c Error - 23.12.2012 02:54:22 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715, Zeitstempel: 0x50b71a4b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0023000a ID des fehlerhaften Prozesses: 0xc6c Startzeit der fehlerhaften Anwendung: 0x01cde0da5467c6c0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 940e0e60-4ccd-11e2-9e41-00199977be0c Error - 23.12.2012 04:12:38 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f0c Startzeit: 01cde0e52f473d98 Endzeit: 172 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 81c0d369-4cd8-11e2-9e41-00199977be0c Error - 23.12.2012 04:13:26 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ce8 Startzeit: 01cde0e547fc0a08 Endzeit: 125 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 9ea007d9-4cd8-11e2-9e41-00199977be0c Error - 23.12.2012 04:16:21 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: IEButtonAmazonInterface.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06ad9587 ID des fehlerhaften Prozesses: 0x49c Startzeit der fehlerhaften Anwendung: 0x01cde0e5999e4358 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: IEButtonAmazonInterface.dll Berichtskennung: 0806d968-4cd9-11e2-9e41-00199977be0c Error - 23.12.2012 14:44:54 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715, Zeitstempel: 0x50b71a4b Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715, Zeitstempel: 0x50b7198b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00144ed8 ID des fehlerhaften Prozesses: 0xe1c Startzeit der fehlerhaften Anwendung: 0x01cde0ed8efd1ca0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: d70c4444-4d30-11e2-9170-00199977be0c [ System Events ] Error - 29.11.2012 14:55:16 | Computer Name = Amalia-PC | Source = DCOM | ID = 10005 Description = Error - 29.11.2012 14:55:16 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 29.11.2012 14:55:16 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 05.12.2012 01:09:13 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 05.12.2012 01:09:13 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.12.2012 16:11:11 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error - 23.12.2012 15:16:14 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 23.12.2012 15:20:42 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 23.12.2012 15:22:33 | Computer Name = Amalia-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 23.12.2012 15:23:41 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. 
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > |
23.12.2012, 22:36 | #13 |
| Virus "Deutsche Post" request to collect a shipment
Code:
OTL Extras logfile created on: 23.12.2012 22:24:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amalia\Desktop\Anwendungen
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,19% Memory free
8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 253,98 Gb Free Space | 84,66% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 539,50 Gb Free Space | 57,92% Space Free | Partition Type: NTFS
Drive E: | 629,50 Gb Total Space | 606,14 Gb Free Space | 96,29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: AMALIA-PC | User Name: Amalia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0153A012-A83E-4696-93EF-78471954BE3D}" = lport=138 | protocol=17 | dir=in | app=system | "{0330F4DD-7DC8-47CD-BB7D-8EFD361D44E6}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe | "{041D5C64-2301-4DA7-AE60-7ECBB0A7E1A8}" = rport=5357 | protocol=6 | dir=out | app=system | "{0623118B-7FF0-438A-88E8-4B1A4AD3E3A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{07E29018-88DC-403F-97E7-D7C22B74F33B}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe | "{149481D4-C49E-4031-9BF3-01FE7E66E968}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{14E1BC27-7CD1-4011-BB0C-EB9C530B0758}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{19573F3A-593F-4D5F-A520-9EBE61D74F5F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1B8BC06A-BC29-40A8-8F82-DF3EDD9C0458}" = rport=139 | protocol=6 | dir=out | app=system |
"{20B27E73-9F5E-47B2-B3E8-A928BBFA00B0}" = rport=5358 | protocol=6 | dir=out | app=system |
"{218B14D2-5AC2-443B-8152-C07D82863621}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22C75A9E-6205-4C63-A598-27704B7F0A3E}" = lport=5357 | protocol=6 | dir=in | app=system |
"{248FB794-2CA9-46E3-ABDB-949E0618F5B2}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{266F16B1-A4F4-4713-92D3-341ED8D8D2B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BA1623C-3221-400C-9AA9-2BEA5977B155}" = lport=443 | protocol=6 | dir=in | app=system |
"{2D1843E7-CD9B-43DD-8486-E65B0FC6A537}" = rport=445 | protocol=6 | dir=out | app=system |
"{2EBAE9E9-281A-48D2-B12D-13A334B5D7BF}" = lport=10245 | protocol=6 | dir=in | app=system |
"{304D6EA1-F228-41E4-9B12-E1CE9F38A887}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe |
"{309B415C-2AA2-4E83-9C0D-168EE44D3ACA}" = rport=1701 | protocol=17 | dir=out | app=system |
"{3299CA7B-C5A3-431C-B7C2-B796A5A4BC78}" = lport=445 | protocol=6 | dir=in | app=system |
"{3561E932-B6A7-44B9-969B-4AFA037B8F11}" = rport=137 | protocol=17 | dir=out | app=system |
"{3806DFE1-DA05-4157-9EE0-F3E0A723F28C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CAA85A2-38DB-466A-802F-4F9B968D0846}" = lport=1723 | protocol=6 | dir=in | app=system |
"{44525CC5-1424-4876-B102-6A92F660E67D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{49C9DC27-29C6-4049-A1F4-5ABD7B57ACC4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{500902F4-B382-4F1C-AC50-6D5EB803B7E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59D6DDC3-F6CA-4D84-A614-85D988302C1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F52CDC9-04D8-4610-AC86-3B8FC879867C}" = rport=1723 | protocol=6 | dir=out | app=system |
"{6DA2723E-1658-495F-BE1F-3D421C96A334}" = lport=5985 | protocol=6 | dir=in | app=system |
"{6E3893FB-313F-4358-B74A-8B4BE81EADE7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{70F4E74B-4E15-4BED-B4C1-1B2A1C1FAEDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7166D1F6-82B8-4A4D-B68D-D189DD241CE8}" = lport=445 | protocol=6 | dir=in | app=system |
"{72DE9C05-95DD-41F6-AAD4-FCCCF8F96EF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{791F1B98-BC4C-4C9A-816A-A03C62452130}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7AA3A99F-9E96-4FFD-89EF-72C757A38E26}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8146E82A-037B-41CC-8611-69DA711CE05C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{815E0B4E-6B6F-4EB7-A077-065D0AE82D33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{82858F5A-39D4-41AC-833D-FE8E6C8EA69F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{837AE6B8-85F0-4761-9EFE-6B7A32B99879}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{85D8634D-8310-4ED5-AD96-DD2508B0A826}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe |
"{8B88D51A-8192-4E08-B1C1-970C1810D0F1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{8D36CD8E-9FB2-4781-A34E-AFED3F921D80}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8D8E4621-FCCD-468F-A712-729077152CAC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E84F65E-6B11-40BA-ADE9-A3D2CF36FF7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9401BCD8-8C34-45C9-9356-9DD36CF3CE28}" = lport=445 | protocol=6 | dir=in | app=system |
"{94286CC8-4494-4402-8A4E-C82DA8A8A6BA}" = lport=80 | protocol=6 | dir=in | app=system |
"{9D4214AF-0F44-41EF-BD4E-C8E457130C82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D8BB10D-32A4-450C-906F-93A0B0BE37F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2615FC9-682C-43F4-B309-14B13FEDDF34}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe |
"{A54902FE-B6BA-484E-920B-0F4EED2B74C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{A83F7ABD-EC45-4695-92E8-66A00A64E33D}" = lport=139 | protocol=6 | dir=in | app=system |
"{AAA54C37-E5A5-478E-9415-7E93CCC7748E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADEEC9D1-BDCB-41D6-91AC-F3648B4C725C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0CC6AD2-794D-44ED-B645-AC7F183FFCAD}" = lport=1701 | protocol=17 | dir=in | app=system |
"{B0F51A19-F62C-4309-BB66-1E2D820F69B2}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe |
"{B2D92BC4-8ACE-4D83-9190-0E95653C59FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{B4FE0105-FC18-49D2-BC63-B6709865656A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B637CAE5-826D-4072-BF66-B85FA857039B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BEFE314B-7C55-44A6-AF4F-1EE72E365E29}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{BFF9C548-0A07-482D-94CB-3D8F21B5D6EE}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{C244656D-7439-4A1C-B7B8-733E6E69E171}" = lport=445 | protocol=6 | dir=in | app=system |
"{CE9ECF38-777C-4311-AF19-F8E54D71BA64}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe |
"{D48AF527-2134-4669-A304-C15749B74A4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{D5DBC691-4F5F-4B38-90E3-890D1308EB98}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D7DA73AF-8321-42E1-856E-C3ED0B06568A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D8DF24ED-CBB3-4D0C-B107-A2ACD9E7AFD4}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E9505B57-97F0-4312-8879-971E5B5B738D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFD79D64-E4EE-460D-8337-0E4FCEBDA78D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{F3A50E6E-4DB5-4FF6-AFF9-04FC21574420}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe |
"{F77D1206-A014-4DAA-AAFE-8A4F72D6E540}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCB2D2CC-C05C-4A38-9609-1F42D04068DA}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03240E39-F716-44A3-87B1-897C9CD34456}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{055C56C2-1D73-4654-8E6F-41D34F14B94A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0819228A-A41F-4227-B204-A5348C8394D0}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"{0BC6B742-4A87-486A-91D2-E811C23C0564}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D9BBFCF-892B-4323-A7C4-5BDF900F3565}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{0EDF796C-2C75-487E-AAE8-D582A9FE5936}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1063A553-E15E-454D-B6B2-4591FDD06FB0}" = dir=in | app=c:\users\amalia\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1515667F-004B-425C-AEC3-1F7126B0777D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{16B854BA-470B-4AB8-A4D5-70C6BD7A922D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{230EF796-44FA-4328-872F-7A0A806A730C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{35898413-ABB5-49F0-BB7B-CC7D12C38EDD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D43A713-4EF1-44BC-9F51-F936345A7F43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46EE5822-9ABF-4343-A9DB-9354797FF97D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4885A0F5-6C25-465A-815D-3E39F2C9F612}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4C42C775-3A92-4A29-A5D0-8D1B4F6A7B6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{4DF7099D-304B-40BF-A87D-568B34570538}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4F42BCF2-E5AB-4B65-85C3-FC32C88E4703}" = protocol=17 | dir=in | app=c:\program files (x86)\fujitsu\launchcenter\launchcenter.exe |
"{551EC3D8-183A-4BAB-AA0F-C69B4059910D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60DF8CD5-3B50-406A-AFE8-4EEBA0CC4E7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6517C735-F645-4F38-B41F-CF135468A0A7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6B66D56B-6471-4B0D-9136-B911DD136F37}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{73754468-5626-466F-8DF3-561DFEE74C95}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{73E895F3-6123-436F-8FFF-392B00B55E73}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{748F7FED-22C3-4125-9DE9-E9E6A8F54D8C}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe |
"{85210534-D8EF-41E3-903B-FC5EF0C52CAB}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"{8A7A1888-EEED-4ED7-86B6-203A3B4BBF86}" = protocol=6 | dir=in | app=c:\windows\system32\xpsrchvw.exe |
"{8DBDBD99-06FB-433F-B82D-58CA537FF081}" = protocol=6 | dir=in | app=c:\program files (x86)\fujitsu\launchcenter\launchcenter.exe |
"{8E2184A5-78DA-4CAF-83C9-3ACB5091871C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{930ADC0C-DEC8-48CB-A266-D91FD8C23993}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe |
"{980E0017-9691-452E-BF9B-4D1350E70E4E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9833404E-5ACA-40F1-A695-E1355ACE0D16}" = protocol=17 | dir=in | app=c:\windows\system32\xpsrchvw.exe |
"{98A7174F-C07D-4A3F-A002-F8B69F90E8BA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9A22EE72-9CDE-477D-B8E9-FB6A2CCFD259}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A11FB719-EA23-41FD-BAAD-43C2AD22776E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1E7B5A2-1370-457B-A76F-BE539599BA31}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5C5D733-1917-4E51-9E76-57E38F464AB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A690EA88-792A-4D29-A9C8-E6B8C5A41503}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{A71020A5-F5CC-491D-ADED-F0C43163B127}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe |
"{A7E27397-D614-4E6C-B043-8F8D3181F1FE}" = protocol=47 | dir=in | app=system |
"{A980C34B-FDE5-493D-B91C-E70744267DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{AC29A4A7-075D-461C-9F87-47AE8B943BE9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{BE6AE44B-EAC9-409B-AC42-0A7B556C91E3}" = protocol=47 | dir=out | app=system |
"{BF24DD6B-62ED-41F4-811F-FBFF7E101301}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C4137874-5E55-4332-9BAA-71FB741ED727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E0E5D289-E0D7-4564-88A6-44D7FEBE32D9}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe |
"{E2E68302-31CD-408F-8B7A-1B9C9FE03BED}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E715E7AE-E284-4265-82A9-9EE6CACEF974}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2F77838-0429-4CDD-926C-70056F8A41B6}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{F6545452-E63C-4768-9AD9-732A0B958EFC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{FC683782-83E5-4DC3-A149-5538A8F9A2B8}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{22B2BEE1-CACE-4E22-BFE7-A3ED87E8678E}E:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"TCP Query User{2AFEEEE3-8D60-424E-8EC0-F35F7B620F3B}C:\users\amalia\appdata\roaming\yhzul\umavg.exe" = protocol=6 | dir=in | app=c:\users\amalia\appdata\roaming\yhzul\umavg.exe |
"TCP Query User{9D30C3DE-380F-4389-9EE3-7EEA74F6DC9E}E:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe" = protocol=6 | dir=in | app=e:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe |
"UDP Query User{2E638314-4640-4767-A053-D185FAF51186}E:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe" = protocol=17 | dir=in | app=e:\games\mensch ärgere dich nicht\don't get angry 2\da2.exe |
"UDP Query User{4119BB55-74C8-4553-B8F0-4D1E74E35C73}E:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{E6BF811A-3B5A-4F3E-B259-1965C75B312B}C:\users\amalia\appdata\roaming\yhzul\umavg.exe" = protocol=17 | dir=in | app=c:\users\amalia\appdata\roaming\yhzul\umavg.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON SX410 Series" = Druckerdeinstallation für EPSON SX410 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}" = teXXas
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Don't Get Angry! 2_is1" = Don't Get Angry! 2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"Haushaltsbuch2" = Softwarenetz Haushaltsbuch2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1634775548-2055541098-4236926659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.12.2012 11:35:07 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 498 Startzeit: 01cde059de8cc110 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 283e5a81-4c4d-11e2-9ba9-00199977be0c

Error - 22.12.2012 12:54:19 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet.
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6d0 Startzeit: 01cde064e0341710 Endzeit: 94 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 38124a61-4c58-11e2-b41d-00199977be0c

Error - 22.12.2012 12:55:01 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c38 Startzeit: 01cde064fcf6bb00 Endzeit: 62 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 512ff291-4c58-11e2-b41d-00199977be0c

Error - 22.12.2012 15:32:21 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11fc Startzeit: 01cde07aff676ec8 Endzeit: 124 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 4c0d8079-4c6e-11e2-b41d-00199977be0c

Error - 23.12.2012 02:02:19 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm thunderbird.exe, Version 17.0.0.4703 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3dc Startzeit: 01cde0d2a24521b0 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: 4d738c71-4cc6-11e2-9e41-00199977be0c

Error - 23.12.2012 02:54:22 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715, Zeitstempel: 0x50b71a4b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0023000a ID des fehlerhaften Prozesses: 0xc6c Startzeit der fehlerhaften Anwendung: 0x01cde0da5467c6c0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 940e0e60-4ccd-11e2-9e41-00199977be0c

Error - 23.12.2012 04:12:38 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f0c Startzeit: 01cde0e52f473d98 Endzeit: 172 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 81c0d369-4cd8-11e2-9e41-00199977be0c

Error - 23.12.2012 04:13:26 | Computer Name = Amalia-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ce8 Startzeit: 01cde0e547fc0a08 Endzeit: 125 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 9ea007d9-4cd8-11e2-9e41-00199977be0c

Error - 23.12.2012 04:16:21 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: IEButtonAmazonInterface.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06ad9587 ID des fehlerhaften Prozesses: 0x49c Startzeit der fehlerhaften Anwendung: 0x01cde0e5999e4358 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: IEButtonAmazonInterface.dll Berichtskennung: 0806d968-4cd9-11e2-9e41-00199977be0c

Error - 23.12.2012 14:44:54 | Computer Name = Amalia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715, Zeitstempel: 0x50b71a4b Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715, Zeitstempel: 0x50b7198b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00144ed8 ID des fehlerhaften Prozesses: 0xe1c Startzeit der fehlerhaften Anwendung: 0x01cde0ed8efd1ca0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: d70c4444-4d30-11e2-9170-00199977be0c

[ System Events ]
Error - 29.11.2012 14:55:16 | Computer Name = Amalia-PC | Source = DCOM | ID = 10005
Description =

Error - 29.11.2012 14:55:16 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 29.11.2012 14:55:16 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 05.12.2012 01:09:13 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error - 05.12.2012 01:09:13 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 16.12.2012 16:11:11 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error - 23.12.2012 15:16:14 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 23.12.2012 15:20:42 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 23.12.2012 15:22:33 | Computer Name = Amalia-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 23.12.2012 15:23:41 | Computer Name = Amalia-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

< End of report >
24.12.2012, 16:03 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "Deutsche Post" request to collect a shipment

Please download the current adwCleaner v2.102, i.e. delete the old adwcleaner and download it again: adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!

__________________
Please always post log files in CODE tags
24.12.2012, 20:00 | #15 |
Virus "Deutsche Post" request to collect a shipment

Code:
# AdwCleaner v2.102 - Datei am 24/12/2012 um 19:59:39 erstellt
# Aktualisiert am 23/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Amalia - AMALIA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Amalia\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Amalia\AppData\Roaming\Mozilla\Firefox\Profiles\hgcsgmew.default-1356193177807\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6161 octets] - [23/12/2012 21:30:33]
AdwCleaner[R2].txt - [849 octets] - [24/12/2012 19:59:39]
AdwCleaner[S1].txt - [5923 octets] - [23/12/2012 22:17:12]

########## EOF - C:\AdwCleaner[R2].txt - [968 octets] ##########