| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: mms@t-mobile.de Anhang geöffnetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.01.2013, 21:58
| #1 |
| |  mms@t-mobile.de Anhang geöffnet Guten Tag, wie auch schon einige andere habe ich eine E-Mail von "mms@t-mobile.de" erhalten. Darin war eine Nummer zu sehen und eine Zip-Datei angehangen. Diese habe ich dann dummerweise runtergeladen und mit winrar geöffnet. Die Datei hieß Sybol.jpg.exe wenn ich mich nicht irre. Als ich sie ausgeführt habe passierte nichts. Danach wollte ich Chrome starten, doch anstatt Chrome öffnete sich dann der Internet Explorer und ich wurde aufgefordert java-updates zu installieren, was ich jedoch nicht gemacht habe. Danach habe ich mich über Firefox informiert und gelesen, dass bei Leuten mit dem selben bzw. ähnlichen Problem Combofix geholfen hat. Also habe ich das Programm heruntergeladen und ausgeführt mit folgendem Ergebnis: Code:
ATTFilter ComboFix 13-01-30.04 - Haus 30.01.2013 22:13:04.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2048.937 [GMT 1:00]
ausgeführt von:: c:\users\Haus\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\users\Haus\AppData\Roaming\videogmon.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-28 bis 2013-01-30 ))))))))))))))))))))))))))))))
.
.
2013-01-28 09:09 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-27 08:46 . 2013-01-27 08:46 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-01-26 15:11 . 2013-01-26 15:13 -------- d-----w- c:\program files\Google
2013-01-15 12:34 . 2013-01-15 12:34 -------- d-----w- c:\program files\FreeTime
2013-01-09 20:52 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\system32\gameux.dll
2013-01-09 20:50 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 20:49 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 16:15 . 2013-01-08 17:09 -------- d-----w- c:\users\Haus\AppData\Roaming\HandBrake
2013-01-03 22:43 . 2010-10-22 01:01 78336 ----a-w- c:\windows\system32\fwusbnci.dll
2013-01-03 22:43 . 2010-10-22 01:01 586752 ----a-w- c:\windows\system32\drivers\fwlanusbn.sys
2013-01-03 22:43 . 2010-10-22 01:01 4352 ----a-w- c:\windows\system32\drivers\avmeject.sys
2013-01-03 22:43 . 2010-10-22 01:01 15565 ----a-w- c:\windows\system32\drivers\fwlanusbn.bin
2013-01-02 19:51 . 2013-01-02 19:51 -------- d-----w- C:\Download
2013-01-02 19:49 . 2013-01-02 19:49 -------- d-----w- c:\users\Haus\AppData\Roaming\Samsung
2013-01-02 19:45 . 2013-01-02 19:45 -------- d-----w- C:\AllShare
2013-01-02 19:44 . 2013-01-02 19:44 -------- d-----w- c:\program files\Samsung
2013-01-02 19:25 . 2013-01-02 19:25 -------- d-----w- c:\users\Haus\AppData\Local\Downloaded Installations
2013-01-02 18:12 . 2012-07-01 23:15 4102656 ----a-w- c:\windows\system32\x264vfw.dll
2013-01-02 18:12 . 2011-12-07 18:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2013-01-02 18:12 . 2004-05-18 19:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2013-01-02 18:12 . 2011-12-21 18:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2013-01-02 18:12 . 2011-06-24 15:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2013-01-02 18:12 . 2011-06-24 15:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2013-01-02 18:12 . 2012-06-09 18:21 178688 ----a-w- c:\windows\system32\unrar.dll
2013-01-02 18:12 . 2012-12-24 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-01-02 18:12 . 2013-01-02 18:12 -------- d-----w- c:\program files\K-Lite Codec Pack
2013-01-02 18:06 . 2013-01-02 18:06 -------- d-----w- c:\users\Haus\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 22:00 . 2012-03-28 18:18 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 22:00 . 2011-08-06 20:07 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2012-12-21 15:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-12 11:52 . 2012-12-12 12:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 12:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 14:37 . 2012-11-02 14:37 862664 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-02 14:37 . 2012-11-02 14:37 534480 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-02 14:37 . 2012-11-02 14:37 44184 ----a-w- c:\windows\system32\drivers\point32.sys
2012-11-02 14:37 . 2012-11-02 14:37 251864 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-02 14:37 . 2012-11-02 14:37 2122392 ----a-w- c:\windows\system32\coin92.dll
2012-11-02 05:11 . 2012-12-12 12:16 376832 ----a-w- c:\windows\system32\dpnet.dll
2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
2013-01-19 17:03 . 2013-01-19 17:03 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Questler Bonusfinder"="c:\users\Haus\Desktop\bonusfinder.exe" [2011-08-11 1122304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AVMWlanClient"=c:\program files\avmwlanstick\FRITZWLANMini.exe
"Eraser"="c:\progra~1\Eraser\Eraser.exe" --atRestart
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccSetx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130129.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0604000.009\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 SystemStore;System Store;c:\program files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S2 SystemStoreService;System Store Service;c:\program files\SelfUpdater\SystemStore.exe -displayname System Store Service -servicename:SystemStoreService [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\system32\DRIVERS\Ph6xIB32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-26 15:13 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 22:00]
.
2011-08-05 c:\windows\Tasks\autokms.job
- c:\windows\AutoKMS.exe [2011-08-05 19:13]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-26 15:11]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-26 15:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = fritz.box
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\p9th0j0p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.questler.de/index.php?site=history
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-{EF53DD60-C4E2-11DB-3D6C-167690F54AE1} - c:\program files\Notation\Uninst_Notation Composer 2.6.3
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files\SelfUpdater\SystemStore.exe\" -displayname \"System Store Service\" -servicename:SystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\SelfUpdater\SystemStore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-30 22:30:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-30 21:30
.
Vor Suchlauf: 10 Verzeichnis(se), 85.410.258.944 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 85.173.698.560 Bytes frei
.
- - End Of File - - DC8EFCF86661988CB5A017814992FFD7
Doch nach einem Neustart hat sich das alles wieder geregelt. Somit konnte ich auch Chrome wieder nutzen, ohne dass der IE startete. Jetzt habe ich jedoch Angst, dass da noch was ist, was nicht entfernt wurde. (Norton konnte da nicht helfen, weil es nichts fand) So habe ich auch hierher gefunden. Wie in der Forenanleitung beschrieben habe ich die drei Programme durchlaufen lassen mit folgenden Logs: OTL Code:
ATTFilter OTL logfile created on: 30.01.2013 23:40:13 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Haus\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,56% Memory free 4,00 Gb Paging File | 2,69 Gb Available in Paging File | 67,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 79,07 Gb Free Space | 53,08% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 82,33 Gb Free Space | 55,24% Space Free | Partition Type: NTFS Computer Name: HAUS-PC | User Name: Haus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.30 23:35:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Haus\Desktop\OTL.exe PRC - [2013.01.25 17:03:23 | 000,462,848 | ---- | M] () -- C:\Programme\SelfUpdater\SystemStore.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.11.02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe PRC - [2012.11.02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe PRC - [2012.09.28 02:38:42 | 000,473,088 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe PRC - [2012.05.21 14:42:44 | 000,050,176 | ---- | M] () -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe PRC - [2012.03.01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareAgent.exe PRC - [2011.08.11 21:22:55 | 001,122,304 | ---- | M] (Questler) -- C:\Users\Haus\Desktop\bonusfinder.exe PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE PRC - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.01.10 12:04:36 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a45ad5e78dd84714738ac500e1412a9d\WindowsFormsIntegration.ni.dll MOD - [2013.01.10 12:04:08 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll MOD - [2013.01.10 12:00:31 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\08c6c4697818c7c8fb4491469dc5daa1\UIAutomationProvider.ni.dll MOD - [2013.01.10 12:00:30 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 12:00:15 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.09 23:47:35 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013.01.09 23:47:17 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll MOD - [2013.01.09 23:47:09 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.01.09 23:47:04 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll MOD - [2013.01.09 23:46:50 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.01.09 23:46:48 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013.01.09 23:46:43 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.01.09 23:46:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.09 23:46:34 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.01.09 23:46:30 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.09 23:46:19 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV - [2013.01.25 17:03:23 | 000,462,848 | ---- | M] () [Auto | Running] -- C:\Programme\SelfUpdater\SystemStore.exe -- (SystemStoreService) SRV - [2013.01.19 18:03:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.08 23:00:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360) SRV - [2012.05.21 14:42:44 | 000,050,176 | ---- | M] () [Auto | Running] -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore) SRV - [2012.03.12 17:28:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Haus\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013.01.16 12:14:48 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130130.004\NAVEX15.SYS -- (NAVEX15) DRV - [2013.01.16 12:14:48 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130130.004\NAVENG.SYS -- (NAVENG) DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86) DRV - [2012.11.01 21:52:48 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.09.28 02:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.09.06 03:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130129.001\IDSvix86.sys -- (IDSVix86) DRV - [2012.08.09 08:16:51 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.08.09 08:16:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.07.22 11:13:28 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP) DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX) DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360) DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA) DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2012.03.29 07:28:38 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symnets.sys -- (SymNetS) DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS) DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON) DRV - [2011.12.04 12:23:19 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.07.20 01:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV - [2011.07.19 22:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf) DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.22 02:01:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn) DRV - [2010.10.22 02:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.08.13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2009.07.13 23:54:15 | 001,277,952 | ---- | M] (NXP Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph6xIB32.sys -- (Ph6xIB32) DRV - [2008.07.26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.07.26 14:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2008.07.26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2008.07.26 14:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter) DRV - [2006.02.23 16:16:36 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 80 76 1A 29 FF CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.questler.de/index.php?site=history" FF - prefs.js..extensions.enabledAddons: %7Bc2921baa-9930-4d73-a203-f69db688f139%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.04.06 13:33:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.07.22 11:14:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.01.30 22:58:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 18:03:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 18:03:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 18:03:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 18:03:43 | 000,000,000 | ---D | M] [2011.08.03 12:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\Extensions [2012.12.11 14:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\Firefox\Profiles\p9th0j0p.default\extensions [2011.08.30 14:37:57 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Haus\AppData\Roaming\mozilla\Firefox\Profiles\p9th0j0p.default\extensions\ffxtlbr@Facemoods.com [2012.12.11 14:17:30 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\firefox\profiles\p9th0j0p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.05.18 17:00:59 | 000,003,714 | ---- | M] () (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\firefox\profiles\p9th0j0p.default\extensions\{c2921baa-9930-4d73-a203-f69db688f139}.xpi [2010.10.10 15:46:56 | 000,004,669 | ---- | M] () (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\firefox\profiles\p9th0j0p.default\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js [2013.01.19 18:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.19 18:03:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.01.19 18:03:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.01.19 18:03:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.01.19 18:03:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.23 08:21:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 08:39:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.23 08:21:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 08:21:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 08:21:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 08:21:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - Extension: Google Docs = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Docs = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\ CHR - Extension: Google Drive = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: Google Drive = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Klicken, um Gutscheine f\u00FCr die aktuelle Seite anzuzeigen = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjacnemeogppppmlcoafbiacilcpngh\1.1.0.0_0\ CHR - Extension: Norton Identity Protection = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\ CHR - Extension: Google Mail = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.01.30 22:25:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [AllShareAgent] C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Questler Bonusfinder] C:\Users\Haus\Desktop\bonusfinder.exe (Questler) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab (Navigram Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.11.2) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.11.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E0ED5CB-DC57-4AD4-8ECD-A53D4CD1D4F8}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{402363ED-B8D6-45AD-8950-C0F9BE9A6C74}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.30 23:35:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Haus\Desktop\OTL.exe [2013.01.30 23:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.30 22:29:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.30 22:23:16 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.30 22:10:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.30 22:10:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.30 22:10:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.30 22:07:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.30 22:06:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.30 22:02:38 | 005,028,065 | R--- | C] (Swearware) -- C:\Users\Haus\Desktop\ComboFix.exe [2013.01.27 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2013.01.27 09:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013.01.26 16:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013.01.19 18:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.15 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory [2013.01.15 13:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime [2013.01.08 17:15:13 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Roaming\HandBrake [2013.01.05 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\Haus\Desktop\Samsung ChannelListPCEditor 1.09 [2013.01.03 23:43:04 | 000,586,752 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusbn.sys [2013.01.03 23:43:04 | 000,078,336 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwusbnci.dll [2013.01.03 23:43:04 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys [2013.01.02 20:51:55 | 000,000,000 | ---D | C] -- C:\Download [2013.01.02 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Haus\Documents\My Videos [2013.01.02 20:49:59 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Roaming\Samsung [2013.01.02 20:45:37 | 000,000,000 | ---D | C] -- C:\AllShare [2013.01.02 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2013.01.02 20:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2013.01.02 20:36:20 | 000,000,000 | ---D | C] -- C:\Users\Haus\Documents\Meine Paletten [2013.01.02 20:25:38 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Local\Downloaded Installations [2013.01.02 19:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2013.01.02 19:12:33 | 004,102,656 | ---- | C] (x264vfw project) -- C:\Windows\System32\x264vfw.dll [2013.01.02 19:12:33 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll [2013.01.02 19:12:32 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2013.01.02 19:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2013.01.02 19:06:35 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013.01.30 23:35:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Haus\Desktop\OTL.exe [2013.01.30 23:34:34 | 000,000,000 | ---- | M] () -- C:\Users\Haus\defogger_reenable [2013.01.30 23:33:47 | 000,050,477 | ---- | M] () -- C:\Users\Haus\Desktop\Defogger.exe [2013.01.30 23:08:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.30 23:08:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.30 23:06:32 | 000,032,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 23:06:32 | 000,032,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 22:59:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.30 22:58:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.30 22:58:06 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys [2013.01.30 22:51:23 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.30 22:51:23 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.30 22:51:23 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.30 22:51:23 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.30 22:25:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.01.30 22:06:03 | 005,028,065 | R--- | M] (Swearware) -- C:\Users\Haus\Desktop\ComboFix.exe [2013.01.30 12:06:10 | 000,000,264 | ---- | M] () -- C:\Users\Haus\Desktop\data.qst [2013.01.29 20:41:36 | 000,999,795 | ---- | M] () -- C:\Users\Haus\Desktop\Bild (14).jpg [2013.01.29 01:05:16 | 005,427,151 | ---- | M] () -- C:\Users\Haus\Desktop\Bedienungsanleitung_Deutz_D15.pdf [2013.01.27 09:47:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf [2013.01.27 09:37:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf [2013.01.15 13:35:16 | 000,001,156 | ---- | M] () -- C:\Users\Haus\Desktop\Format Factory.lnk [2013.01.10 07:50:57 | 003,852,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.02 20:49:58 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk ========== Files Created - No Company Name ========== [2013.01.30 23:34:34 | 000,000,000 | ---- | C] () -- C:\Users\Haus\defogger_reenable [2013.01.30 23:33:47 | 000,050,477 | ---- | C] () -- C:\Users\Haus\Desktop\Defogger.exe [2013.01.30 23:03:25 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.30 23:03:23 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.30 22:10:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.30 22:10:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.30 22:10:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.30 22:10:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.30 22:10:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.29 20:41:28 | 000,999,795 | ---- | C] () -- C:\Users\Haus\Desktop\Bild (14).jpg [2013.01.29 01:05:16 | 005,427,151 | ---- | C] () -- C:\Users\Haus\Desktop\Bedienungsanleitung_Deutz_D15.pdf [2013.01.27 09:47:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf [2013.01.27 09:37:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf [2013.01.15 13:35:14 | 000,001,156 | ---- | C] () -- C:\Users\Haus\Desktop\Format Factory.lnk [2013.01.03 23:43:07 | 000,013,202 | ---- | C] () -- C:\Windows\instwcli.inf [2013.01.03 23:43:04 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2013.01.02 20:49:58 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk [2013.01.02 19:12:33 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2013.01.02 19:12:32 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2013.01.02 19:12:32 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2013.01.02 19:12:31 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2013.01.02 19:12:26 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.09.28 14:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.05.23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.05.18 17:23:09 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.03.09 05:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.03.09 05:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2011.12.27 20:43:41 | 002,261,764 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat [2011.12.27 20:43:17 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2011.10.12 11:25:02 | 000,000,054 | ---- | C] () -- C:\Windows\Composer.INI [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.08.05 20:13:17 | 000,614,400 | ---- | C] () -- C:\Windows\autokms.exe [2011.08.04 17:27:03 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.08.04 17:27:03 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.08.04 17:27:03 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.08.04 17:27:03 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.08.04 17:27:03 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.08.04 17:27:03 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.08.04 17:27:03 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.08.04 17:27:03 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.08.04 17:27:03 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.08.04 17:27:03 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.08.04 17:27:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.08.04 17:27:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.08.04 17:27:03 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.08.04 17:27:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.08.04 17:27:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.08.04 17:27:03 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.08.04 17:27:03 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.08.04 17:27:03 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.08.04 17:27:03 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.08.04 13:37:41 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini [2011.07.14 18:13:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.07.14 17:45:16 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2011.04.12 02:30:05 | 000,654,150 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.12 02:30:05 | 000,130,022 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.03.12 17:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.04.01 19:03:07 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\.minecraft [2012.04.06 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.04.06 13:54:01 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\com.adobe.dmp.contentviewer [2012.04.02 22:26:48 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.01.27 09:42:02 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\DAEMON Tools Lite [2013.01.26 18:15:52 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\Dropbox [2012.12.22 21:51:08 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\DVDVideoSoft [2011.09.04 13:41:52 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.22 22:26:46 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\EPSON [2012.06.26 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\Freemium [2013.01.08 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\HandBrake [2012.03.28 11:34:58 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\Leadertech [2012.05.18 17:39:00 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\PrimoPDF [2013.01.02 20:49:59 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\Samsung [2012.11.26 20:10:26 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\TuneUp Software [2012.07.03 21:41:12 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\YourFileDownloader ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012.12.27 10:33:27 | 000,016,886 | ---- | M] ()(C:\Users\Haus\Desktop\??? ????????????????? ?????????? ?????????????.docx) -- C:\Users\Haus\Desktop\Для последовательного соединения аккумуляторов.docx [2012.12.27 10:33:25 | 000,016,886 | ---- | C] ()(C:\Users\Haus\Desktop\??? ????????????????? ?????????? ?????????????.docx) -- C:\Users\Haus\Desktop\Для последовательного соединения аккумуляторов.docx < End of report > Code:
ATTFilter OTL Extras logfile created on: 30.01.2013 23:40:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Haus\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,56% Memory free
4,00 Gb Paging File | 2,69 Gb Available in Paging File | 67,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 79,07 Gb Free Space | 53,08% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 82,33 Gb Free Space | 55,24% Space Free | Partition Type: NTFS
Computer Name: HAUS-PC | User Name: Haus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1650022D-67BF-4DA0-9ED9-D51973FA3212}" = rport=138 | protocol=17 | dir=out | app=system |
"{23B5CBB7-7896-49FC-9A82-B71B615CA54E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{245D27CC-63F4-4A20-B0D2-8FD55A93E3AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{371B1762-F8C2-471F-801A-A67873E5C391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41C56FF1-9850-42D5-A366-032160C91512}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4835210B-AAE3-41B9-90B7-11BEB7F61BCF}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D090177-EF12-426C-9483-B5EC668B5551}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6787C61B-8CD5-45A3-BFBA-8D57FFDE3C25}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6CD4503D-A411-45E9-ADC9-5258FBE14F61}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75F91104-A9DC-41E0-8587-67EB63F60E6E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{78377DB7-9194-41CB-85B0-2EFE3D006BDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A7E1F67-AAB1-4E46-BF83-BAB54D12DDCE}" = rport=445 | protocol=6 | dir=out | app=system |
"{9EDEC71E-42A4-4D92-B273-3E603EB5B4EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A0B87852-804B-46D3-80C3-27985F9E0A0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4DF8F73-FDD0-4F78-B8B7-50084A55C6F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA6CA66D-ACC2-459E-AF0B-1D950724833B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ABEEBDC5-2869-49B6-A45D-E4BCF6DAD686}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B67C8387-4379-4E1D-92FF-77636E42BF3A}" = rport=139 | protocol=6 | dir=out | app=system |
"{C66FE199-B77F-4FE8-840D-6040AD83A4FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3E723F7-7641-4DFA-BBF6-0D5D8A7CADC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D53854DD-7264-4B4C-A30A-746F2FA1A918}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E6E214F1-1BBC-40AD-B7B4-D4216FF10E23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8896F83-6AF8-4894-A0E8-D8E20B1CFAB2}" = lport=139 | protocol=6 | dir=in | app=system |
"{ECC91C7A-44CC-4500-BA25-281A47EBBED5}" = lport=138 | protocol=17 | dir=in | app=system |
"{F00F5F20-3FC0-4135-A718-426D8F855793}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F1BB99A2-AE75-453D-BF6B-DD911617C05A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{130AC8B3-6BD8-4035-B1F1-7E88AB739DE2}" = protocol=17 | dir=in | app=c:\users\haus\appdata\roaming\dropbox\bin\dropbox.exe |
"{2B111F32-C4A6-4ECA-98B5-F34C8360131D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2D2C7AF3-0272-4E30-B991-3BE67DFA024E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E74C3A0-8851-489F-AD20-B5A1345F45F0}" = protocol=6 | dir=in | app=c:\users\haus\appdata\roaming\dropbox\bin\dropbox.exe |
"{34B676AC-2F09-4B46-BC13-531532079DF5}" = protocol=6 | dir=out | app=system |
"{3808ECB1-F1BF-43DF-B1EF-BCFB3A3B7625}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{3AA9F0CF-5343-42B8-99ED-01F98FA71262}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{3ED1794B-D6AE-4306-9EF4-E208A22C9D06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FF08098-A929-4C9D-9850-C725AE6E0B2A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{43474906-E326-49E3-B975-2147E2C56017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4B3D06A8-8B64-483F-BFC3-769A04932F96}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B91ACA0-8FDF-4439-A0B3-E7A07E83C3CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5391ADC0-0246-48D2-B46C-01DA037EAA62}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{543C393B-B4F3-4FE2-B1F6-64055F7F7D5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D4812C4-E3BD-4E1E-8EFB-CE1363569757}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6B02BFFB-B76E-4F0B-923F-315DDBFEEA74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A6523BC-B175-40EE-8E53-A8AFF83EFB45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A330C5E2-4480-40BB-9EA8-B1F096A66ECC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBBC1FB4-B27C-4C82-8781-181AB2214F5B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BCDFD469-1FD6-486E-ACB8-8E997FF396BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C433E621-15BC-45CC-9335-95161AC95770}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{DD169238-5A8A-4EDD-8518-7FBCAE068F5D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DDC40324-D129-4E9F-8F9A-0E0D2E7D7F4C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E0D5E3CB-178B-4CB0-9974-6BBAFED614C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ED060374-B0B1-4454-A71D-C3F880A7230A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDC1F23A-E2DC-42C7-B563-9A6CACA2C807}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF00C3D6-6E01-4FEB-9F4E-A687E2C14384}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EF046734-2DFF-43E1-B550-F21BCB4007C6}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{F030AE29-09F1-4CD4-9DD2-883D4560348F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F78DEE11-44E2-4ED3-8981-A7CB0466363E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FCDA192A-A460-4AC0-8689-39E80D00CCE6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3E7D839E-A6E7-B6F8-F855-CF69756E6331}" = AMD Media Foundation Decoders
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5180FB30-2AC7-1627-9856-AA0AE6ACB7E7}" = ccc-utility
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{84374A47-1DF5-4013-90D4-1288819869B1}" = Microsoft-Maus- und Tastatur-Center
"{876B50AF-D46A-ED35-C625-20F326FE0C49}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{A90D527A-B49D-439E-80FF-15676AB8AA35}_is1" = shopping-preise.de - AddOn für Chrome
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF595A9D-325A-0B86-4BFA-F2D90553A9FC}" = AMD Drag and Drop Transcoding
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068813-9F8D-9F7A-92C0-A3EECBA2D82B}" = AMD Catalyst Install Manager
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVMWLANCLI" = AVM FRITZ!WLAN
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX510W_TX550W Benutzerhandbuch" = Epson Stylus SX510W_TX550W Handbuch
"EPSON SX510W Series" = Druckerdeinstallation für EPSON SX510W Series
"FormatFactory" = FormatFactory 3.0.1
"Google Chrome" = Google Chrome
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.6.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinDjView" = WinDjView 2.0.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.08.2012 05:35:15 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 09.08.2012 02:57:28 | Computer Name = Haus-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.08.2012 03:37:51 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 09.08.2012 16:11:51 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 09.08.2012 17:08:55 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10.08.2012 02:38:37 | Computer Name = Haus-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.08.2012 07:44:50 | Computer Name = Haus-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.08.2012 11:38:27 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10.08.2012 12:57:17 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 10.08.2012 15:09:03 | Computer Name = Haus-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 30.01.2013 04:23:57 | Computer Name = Haus-PC | Source = DCOM | ID = 10010
Description =
Error - 30.01.2013 07:06:12 | Computer Name = Haus-PC | Source = DCOM | ID = 10010
Description =
Error - 30.01.2013 14:18:24 | Computer Name = Haus-PC | Source = DCOM | ID = 10010
Description =
Error - 30.01.2013 17:07:07 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "EPSON V5 Service4(01)" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 30.01.2013 17:07:07 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "EPSON V3 Service4(01)" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 30.01.2013 17:07:10 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 30.01.2013 17:12:27 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 30.01.2013 17:18:27 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 30.01.2013 17:23:25 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 30.01.2013 17:24:30 | Computer Name = Haus-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?01.?2013 um 22:23:05 unerwartet heruntergefahren.
< End of report >
Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-31 18:19:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160023AS rev.3.00 149,05GB
Running: gmer_2.0.18454 (5).exe; Driver: C:\Users\Haus\AppData\Local\Temp\kxldipoc.sys
---- System - GMER 2.0 ----
SSDT 86547CC0 ZwAlertResumeThread
SSDT 86547DA0 ZwAlertThread
SSDT 87007880 ZwAllocateVirtualMemory
SSDT 86417C00 ZwAlpcConnectPort
SSDT 86547468 ZwAssignProcessToJobObject
SSDT 86547A10 ZwCreateMutant
SSDT 86547188 ZwCreateSymbolicLinkObject
SSDT 87007D68 ZwCreateThread
SSDT 86547278 ZwCreateThreadEx
SSDT 86547548 ZwDebugActiveProcess
SSDT 87007A50 ZwDuplicateObject
SSDT 87007638 ZwFreeVirtualMemory
SSDT 86547B00 ZwImpersonateAnonymousToken
SSDT 86547BE0 ZwImpersonateThread
SSDT 86416678 ZwLoadDriver
SSDT 87007538 ZwMapViewOfSection
SSDT 86547930 ZwOpenEvent
SSDT 87007C30 ZwOpenProcess
SSDT 87007970 ZwOpenProcessToken
SSDT 86547770 ZwOpenSection
SSDT 87007B40 ZwOpenThread
SSDT 86547378 ZwProtectVirtualMemory
SSDT 86547E80 ZwResumeThread
SSDT 87007288 ZwSetContextThread
SSDT 87007368 ZwSetInformationProcess
SSDT 86547628 ZwSetSystemInformation
SSDT 86547850 ZwSuspendProcess
SSDT 86547008 ZwSuspendThread
SSDT 86FD29E8 ZwTerminateProcess
SSDT 870071A8 ZwTerminateThread
SSDT 87007458 ZwUnmapViewOfSection
SSDT 87007728 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8327EA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832B84D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 832BF510 8 Bytes [C0, 7C, 54, 86, A0, 7D, 54, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 832BF528 4 Bytes [80, 78, 00, 87] {CMP BYTE [EAX+0x0], 0x87}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 832BF534 4 Bytes [00, 7C, 41, 86] {ADD [ECX+EAX*2-0x7a], BH}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 832BF588 4 Bytes [68, 74, 54, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 832BF604 4 Bytes [10, 7A, 54, 86]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x95A32000, 0x130E98, 0xE8000020]
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060a77b59
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060a77b59@0025e7b1123e 0xE8 0xB9 0xBC 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060a77b59 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060a77b59@0025e7b1123e 0xE8 0xB9 0xBC 0x9C ...
---- EOF - GMER 2.0 ----
Ich danke euch schonmal im voraus. Geändert von just-edi (31.01.2013 um 22:30 Uhr) |
|
03.02.2013, 10:53
| #2 | |
| /// TB-Ausbilder   | mms@t-mobile.de Anhang geöffnet Servus,
__________________Aus deiner Logdatei: Zitat:
Dateien, wie crack.exe, keygen.exe oder patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte. Außerdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zum Neu aufsetzten. Damit ist das Thema beendet. |
|
| Themen zu mms@t-mobile.de Anhang geöffnet |
| bho, combofix, desktop, e-mail, error, firefox, flash player, freemium, helper, internet explorer, intranet, jdownloader, logfile, lws.exe, mms@t-mobile.de, mozilla, nodrives, plug-in, problem, programm, realtek, registry, scan, security, senden, software, starten, stick, svchost.exe, symantec, system, visual studio, windows |
Linear-Darstellung
