|
Plagegeister aller Art und deren Bekämpfung: Taskmanager schließt bei Drücken von "mehr Details"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.02.2013, 17:27 | #16 |
| Taskmanager schließt bei Drücken von "mehr Details" so, hier die Erste Aufgabe AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.111 - Datei am 05/02/2013 um 17:22:06 erstellt # Aktualisiert am 05/02/2013 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzer : **** - ****-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files (x86)\yolobartb Ordner Gelöscht : C:\ProgramData\boost_interprocess ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16453 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp --> hxxp://www.google.com -\\ Mozilla Firefox v18.0.1 (de) Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\s8t324qt.default\prefs.js C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\s8t324qt.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. -\\ Google Chrome v24.0.1312.57 Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1929 octets] - [05/02/2013 17:22:06] ########## EOF - C:\AdwCleaner[S1].txt - [1989 octets] ########## und hier gehts schon weiter.... OTL Code:
ATTFilter OTL logfile created on: 05.02.2013 17:29:18 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16453) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,94 Gb Total Physical Memory | 4,35 Gb Available Physical Memory | 73,27% Memory free 11,94 Gb Paging File | 10,08 Gb Available in Paging File | 84,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1801,30 Gb Total Space | 1090,96 Gb Free Space | 60,57% Space Free | Partition Type: NTFS Drive D: | 60,00 Gb Total Space | 44,46 Gb Free Space | 74,10% Space Free | Partition Type: NTFS Drive E: | 261,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software) PRC - C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\wx._core_.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\wx._controls_.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\windows._cacheinvalidation.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\wx._windows_.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\wx._gdi_.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\wx._misc_.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\_ssl.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\unicodedata.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\pysqlite2._sqlite.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\pythoncom26.dll () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\_hashlib.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32com.shell.shell.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\pyexpat.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\wx._wizard.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32file.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32security.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\pywintypes26.dll () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32api.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\_elementtree.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\_ctypes.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\wx._html2.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\_socket.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32inet.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32process.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32ts.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32pdh.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32profile.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32event.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\win32crypt.pyd () MOD - C:\Users\****\AppData\Local\Temp\_MEI50922\select.pyd () MOD - C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll () MOD - C:\Program Files\Microsoft Office 15\root\Office15\c2r32.dll () MOD - C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll () MOD - C:\Program Files (x86)\Fieldston Software\gSyncit\gSyncit.core.dll () MOD - C:\Program Files (x86)\Fieldston Software\gSyncit\System.Data.SQLite.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe () MOD - C:\Program Files (x86)\MEDION\MEDION NAS TOOL\LIBEAY32.dll () ========== Services (SafeList) ========== SRV:64bit: - (ClassicShellService) -- C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (Samsung Network Fax Server) -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe (Samsung Electronics Co., Ltd.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (Samsung Network Fax Server) -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe (Samsung Electronics Co., Ltd.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\Drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\Drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (RtlWlanu) -- C:\Windows\SysNative\Drivers\RTWlanU.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (RTL8192cu) -- C:\Windows\SysNative\Drivers\RTWlanU.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\Drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys (Samsung Electronics) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**p://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**p://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://lenovo13.msn.com IE - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.com IE - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003\..\SearchScopes\{04FECF4B-1673-4021-80A5-5AAFF6BD005E}: "URL" = h**p://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS IE - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**p://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "h**p://www.google.de" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:14:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 07:37:44 | 000,000,000 | ---D | M] [2012.12.03 06:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2013.02.01 09:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\s8t324qt.default\extensions [2013.01.12 22:14:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\s8t324qt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.01.29 07:33:10 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\s8t324qt.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.01.18 00:26:03 | 000,256,017 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\s8t324qt.default\extensions\{9cfdd5db-2841-4970-acbc-b812ac1092e8}.xpi [2013.02.01 09:06:32 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\s8t324qt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.03 06:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 17:14:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.31 21:30:44 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: h**p://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: h**p://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\****\AppData\Roaming\Mozilla\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Google Drive = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_1\ CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Google Maps = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: Amazon Deutsch = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mckgjahkffbhkbbginonfihaohmbdcie\1.0_0\ CHR - Extension: CleanWebApp (Adblock + Privacy) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone\0.1.3_0\ CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003..\Run: [] \ File not found O4 - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software) O4 - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-3305265873-3708218979-1123394909-1003..\Run: [MEDION NAS TOOL] C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**p://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**p://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{032A9019-D334-4199-9B12-3BC8F6E32088}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{281685EA-5281-425D-A206-752B81C1E90D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3e53439b-3bbf-11e2-be92-d43d7e2e44d0}\Shell - "" = AutoRun O33 - MountPoints2\{3e53439b-3bbf-11e2-be92-d43d7e2e44d0}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.05 06:19:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.02.01 18:41:57 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.01 18:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.01 18:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.01 16:53:06 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Problem PC [2013.02.01 11:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013.02.01 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013.01.31 07:20:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2013.01.31 07:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.30 06:38:53 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Benutzerdefinierte Office-Vorlagen [2013.01.29 17:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013.01.29 17:00:15 | 000,000,000 | R--D | C] -- C:\Users\****\SkyDrive [2013.01.29 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.01.29 17:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.01.29 16:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013.01.28 22:56:41 | 000,000,000 | ---D | C] -- C:\Users\****\Application Data [2013.01.28 22:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON [2013.01.28 22:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAVIGON [2013.01.28 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Wondershare PDF Password Remover [2013.01.26 10:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2013.01.26 10:58:51 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2013.01.22 08:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2013.01.22 08:29:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Paint.NET [2013.01.18 10:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.17 19:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems [2013.01.17 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems [2013.01.17 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems [2013.01.13 18:13:12 | 005,974,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.01.13 18:13:11 | 005,088,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.01.13 18:13:11 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.01.13 18:13:11 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.01.13 18:13:11 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013.01.13 18:13:11 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013.01.13 18:13:10 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll [2013.01.13 18:13:10 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe [2013.01.13 18:13:10 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe [2013.01.13 18:13:10 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll [2013.01.13 18:13:10 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013.01.13 18:13:10 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll [2013.01.13 18:13:10 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll [2013.01.13 18:13:10 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll [2013.01.13 18:13:09 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.01.13 18:13:09 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll [2013.01.13 18:13:09 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.01.13 18:13:09 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll [2013.01.13 18:13:09 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.01.13 18:13:09 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll [2013.01.13 18:13:09 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll [2013.01.13 18:13:09 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013.01.13 18:13:09 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll [2013.01.13 18:13:09 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll [2013.01.13 18:13:09 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013.01.13 18:13:09 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.01.13 18:13:08 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.01.13 18:13:08 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll [2013.01.13 18:13:08 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll [2013.01.13 18:13:08 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL [2013.01.13 18:13:08 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL [2013.01.13 18:13:08 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll [2013.01.13 18:13:08 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll [2013.01.13 18:13:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll [2013.01.13 18:13:08 | 000,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013.01.13 18:13:08 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys [2013.01.13 18:13:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe [2013.01.13 18:13:08 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys [2013.01.13 18:12:57 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.01.13 18:12:52 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll [2013.01.13 18:12:51 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll [2013.01.13 18:12:47 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013.01.13 18:12:47 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013.01.13 18:12:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll [2013.01.13 18:12:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll [2013.01.13 18:12:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2013.01.13 18:12:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2013.01.13 18:12:46 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll [2013.01.13 18:12:46 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll [2013.01.13 18:12:45 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll [2013.01.13 18:12:16 | 013,640,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.01.13 18:12:16 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll [2013.01.13 18:12:12 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys [2013.01.13 18:12:08 | 014,259,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013.01.13 18:12:07 | 010,791,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.01.13 18:12:05 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpcMon.exe [2013.01.13 18:12:04 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.01.13 18:12:03 | 011,875,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013.01.13 18:12:03 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe [2013.01.13 18:12:02 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll [2013.01.13 18:12:02 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys [2013.01.13 18:12:01 | 001,825,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.01.13 18:12:00 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.01.13 18:12:00 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll [2013.01.13 18:12:00 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.dll [2013.01.13 18:11:59 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Streaming.dll [2013.01.13 18:11:59 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll [2013.01.13 18:11:57 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll [2013.01.13 18:11:56 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provcore.dll [2013.01.13 18:11:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.01.13 18:11:54 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013.01.13 18:11:53 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll [2013.01.13 18:11:50 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Streaming.dll [2013.01.13 18:11:50 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll [2013.01.13 18:11:50 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.01.13 18:11:49 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\combase.dll [2013.01.13 18:11:49 | 001,590,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.01.13 18:11:49 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsSpellCheckingFacility.dll [2013.01.13 18:11:49 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2013.01.13 18:11:49 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWAHost.exe [2013.01.13 18:11:49 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll [2013.01.13 18:11:49 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL [2013.01.13 18:11:48 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinTypes.dll [2013.01.13 18:11:48 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll [2013.01.13 18:11:48 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2013.01.13 18:11:48 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsvr.dll [2013.01.13 18:11:48 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidcredprov.dll [2013.01.13 18:11:48 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rascfg.dll [2013.01.13 18:11:46 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll [2013.01.13 18:11:46 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsrcsnk.dll [2013.01.13 18:11:46 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll [2013.01.13 18:11:46 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013.01.13 18:11:46 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013.01.13 18:11:46 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.01.13 18:11:46 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll [2013.01.13 18:11:46 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnprv.dll [2013.01.13 18:11:46 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll [2013.01.13 18:11:46 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rascfg.dll [2013.01.13 18:11:45 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl [2013.01.13 18:11:45 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe [2013.01.13 18:11:45 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.01.13 18:11:45 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll [2013.01.13 18:11:45 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll [2013.01.13 18:11:45 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll [2013.01.13 18:11:45 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll [2013.01.13 18:11:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll [2013.01.13 18:11:44 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll [2013.01.13 18:11:44 | 000,028,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys [2013.01.13 18:11:43 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll [2013.01.13 18:11:41 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWAHost.exe [2013.01.13 18:11:41 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys [2013.01.13 18:11:40 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PackageStateRoaming.dll [2013.01.13 18:11:36 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll [2013.01.13 18:11:35 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll [2013.01.13 18:11:35 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl [2013.01.13 18:11:35 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\provcore.dll [2013.01.13 18:11:35 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll [2013.01.13 18:11:35 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll [2013.01.13 18:11:35 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvproc.dll [2013.01.13 18:11:35 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ProximityService.dll [2013.01.13 18:11:35 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll [2013.01.13 18:11:35 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll [2013.01.13 18:11:35 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TpmTasks.dll [2013.01.13 18:11:35 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PackageStateRoaming.dll [2013.01.13 18:11:35 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll [2013.01.13 18:11:34 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll [2013.01.13 18:11:34 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll [2013.01.13 18:11:34 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll [2013.01.13 18:11:34 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\combase.dll [2013.01.13 18:11:34 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.dll [2013.01.13 18:11:34 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll [2013.01.13 18:11:34 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinTypes.dll [2013.01.13 18:11:34 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsrcsnk.dll [2013.01.13 18:11:34 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.01.13 18:11:34 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.01.13 18:11:34 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsvr.dll [2013.01.13 18:11:34 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll [2013.01.13 18:11:34 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlidcredprov.dll [2013.01.13 18:11:34 | 000,212,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS [2013.01.13 18:11:34 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013.01.13 18:11:34 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-kernel-power-events.dll [2013.01.13 18:11:34 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncHost.exe [2013.01.13 18:11:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhevents.dll [2013.01.13 18:11:34 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys [2013.01.13 18:11:34 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll [2013.01.13 18:11:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll [2013.01.13 18:11:34 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe [2013.01.13 18:11:34 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avrt.dll [2013.01.13 18:11:33 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinapi.dll [2013.01.13 18:11:33 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe [2013.01.13 18:11:33 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfh264enc.dll [2013.01.13 18:11:33 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfh264enc.dll [2013.01.13 18:11:33 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcfg.dll [2013.01.13 18:11:33 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvproc.dll [2013.01.13 18:11:33 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.13 18:11:33 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevPropMgr.dll [2013.01.13 18:11:33 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe [2013.01.13 18:11:33 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe [2013.01.13 18:11:33 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncHost.exe [2013.01.13 18:11:33 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2013.01.13 18:11:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfnet.dll [2013.01.13 18:11:32 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.01.13 18:11:32 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DAFWSD.dll [2013.01.13 18:11:30 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.01.13 18:11:30 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchapi.dll [2013.01.13 18:11:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfnet.dll [2013.01.13 18:11:29 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.01.13 18:11:29 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2013.01.13 18:11:29 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2013.01.13 18:11:29 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcat.dll [2013.01.13 18:11:29 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfos.dll [2013.01.13 18:11:29 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2013.01.13 18:11:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhmanagew.exe [2013.01.13 18:11:29 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhshl.dll [2013.01.13 18:11:29 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvc.dll [2013.01.13 18:11:29 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpremove.exe [2013.01.13 18:11:29 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdiag.dll [2013.01.13 18:11:29 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhlisten.dll [2013.01.13 18:11:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdiag.dll [2013.01.13 18:11:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.01.13 18:11:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.01.13 18:11:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vsstrace.dll [2013.01.13 18:11:28 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcleanup.dll [2013.01.13 18:11:27 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchph.dll [2013.01.13 18:11:27 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhautoplay.dll [2013.01.13 18:11:27 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp [2013.01.13 18:11:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndptsp.tsp [2013.01.13 18:11:27 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp [2013.01.13 18:11:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfctrs.dll [2013.01.13 18:11:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmxs.dll [2013.01.13 18:11:27 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfctrs.dll [2013.01.13 18:11:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kmddsp.tsp [2013.01.13 18:11:27 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhtask.dll [2013.01.13 18:11:27 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfproc.dll [2013.01.13 18:11:27 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LangCleanupSysprepAction.dll [2013.01.13 18:11:27 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfproc.dll [2013.01.13 18:11:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfos.dll [2013.01.13 18:11:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasmxs.dll [2013.01.13 18:11:27 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasser.dll [2013.01.13 18:11:27 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2013.01.13 18:11:27 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe [2013.01.13 18:11:27 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasser.dll [2013.01.13 18:11:27 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe [2013.01.13 18:11:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvcctl.dll [2013.01.13 18:11:27 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eventcls.dll [2013.01.13 18:11:27 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eventcls.dll [2013.01.13 18:11:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MUILanguageCleanup.dll [2013.01.13 18:11:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll [2013.01.13 18:11:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll [2013.01.13 18:11:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetupproxyserv.dll [2013.01.13 18:11:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll [2013.01.13 18:11:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx [2013.01.13 18:11:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll [2013.01.13 18:11:27 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx [2013.01.13 18:11:27 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll [2013.01.13 18:11:26 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2013.01.13 18:11:26 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.01.13 18:11:25 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2013.01.13 18:11:11 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll [2013.01.13 18:11:11 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll [2013.01.13 18:11:11 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe [2013.01.13 18:11:11 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndadmin.exe [2013.01.13 18:11:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe [2013.01.13 18:11:11 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndadmin.exe [2013.01.13 07:55:20 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\AdobeStockPhotos [2013.01.13 06:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photoshop CS2 [2013.01.12 23:46:14 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Updater [2013.01.12 23:43:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2013.01.12 23:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared [2013.01.12 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoshopCS2 [2013.01.12 20:20:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Newshosting [2013.01.12 20:20:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CrashRpt [2013.01.12 20:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon [2013.01.12 20:19:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Newshosting ========== Files - Modified Within 30 Days ========== [2013.02.05 17:25:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.05 17:23:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.02.05 17:23:27 | 810,344,447 | -HS- | M] () -- C:\hiberfil.sys [2013.02.05 17:21:52 | 000,582,119 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe [2013.02.05 15:22:15 | 824,497,367 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.05 06:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.02.04 13:00:05 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.04 13:00:05 | 000,752,930 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.04 13:00:05 | 000,711,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.04 13:00:05 | 000,156,156 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.04 13:00:05 | 000,132,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.03 08:53:58 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.03 08:53:58 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.03 08:53:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.01 16:13:16 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2013.02.01 09:17:46 | 000,018,066 | ---- | M] () -- C:\Users\****\Documents\cc_20130201_091741.reg [2013.01.18 09:57:08 | 000,103,008 | ---- | M] () -- C:\Users\****\Documents\cc_20130118_095701.reg [2013.01.15 21:13:01 | 005,041,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.02.05 17:21:51 | 000,582,119 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe [2013.02.03 08:53:36 | 824,497,367 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.01 16:13:16 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2013.02.01 09:17:44 | 000,018,066 | ---- | C] () -- C:\Users\****\Documents\cc_20130201_091741.reg [2013.01.29 17:00:15 | 000,002,188 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk [2013.01.22 08:30:09 | 000,001,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013.01.18 09:57:06 | 000,103,008 | ---- | C] () -- C:\Users\****\Documents\cc_20130118_095701.reg [2013.01.15 21:12:46 | 005,041,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.13 18:11:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll [2013.01.13 18:11:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.01.12 23:43:52 | 000,002,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2012.12.20 11:49:14 | 000,001,982 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel [2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.15 16:42:54 | 001,554,336 | ---- | C] () -- C:\Windows\TotalUninstaller.exe [2012.12.07 12:57:41 | 000,003,584 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.06 12:55:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.12.03 06:56:22 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.09.10 11:57:43 | 012,317,888 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.07.25 21:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.07.25 21:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
05.02.2013, 18:07 | #17 |
| Taskmanager schließt bei Drücken von "mehr Details" Extras
__________________Code:
ATTFilter OTL Extras logfile created on: 05.02.2013 17:29:18 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16453) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,94 Gb Total Physical Memory | 4,35 Gb Available Physical Memory | 73,27% Memory free 11,94 Gb Paging File | 10,08 Gb Available in Paging File | 84,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1801,30 Gb Total Space | 1090,96 Gb Free Space | 60,57% Space Free | Partition Type: NTFS Drive D: | 60,00 Gb Total Space | 44,46 Gb Free Space | 74,10% Space Free | Partition Type: NTFS Drive E: | 261,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3305265873-3708218979-1123394909-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) h**p [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) h**ps [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.) Directory [Bilder-Planet Fotoservice] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\Bilder-Planet Fotoservice.exe" "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) h**p [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) h**ps [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.) Directory [Bilder-Planet Fotoservice] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\Bilder-Planet Fotoservice.exe" "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02087CE3-4E42-4FD1-82A4-3EE436DD47DE}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{08A4D5F4-6C64-497E-BA1C-4C46646E38BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0BBC201B-5D5F-46DC-8027-53647FF4939A}" = rport=445 | protocol=6 | dir=out | app=system | "{0D687A0F-BE87-4AE1-BE8D-55B649DEEB65}" = lport=139 | protocol=6 | dir=in | app=system | "{1A8F3265-266F-4E48-A6FF-49FBD562EE48}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1AB2073E-B1A2-42BF-A39B-C9B2EAE017C9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | "{1EE1DCC9-6032-4872-B315-CC4BD2A3D2C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{21BE37CE-EAF4-4E16-8440-804AC7EA9AA5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2262521A-39A5-475A-AC42-C14756F14F95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{22B630F8-BC50-4E1F-9684-D7D8A8FEBF77}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{25B82CB3-1954-4CBC-AD04-6C85B5A3FFB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{27011B1B-9D18-4FFC-A4B4-6EDE64797779}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2AB978A1-63F9-4EA6-B1BE-72A41B9253A7}" = lport=445 | protocol=6 | dir=in | app=system | "{2E8004F3-D9D4-4D7E-9F74-3FBA06E82336}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2E9D6F5C-B10A-4793-94EE-F4129E94D4FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{37DF2BB3-1ACA-4D96-B2A2-0F4081D12F8E}" = lport=138 | protocol=17 | dir=in | app=system | "{3C078360-D22A-4CF5-8FFB-35CA2E63F97C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3C691BD1-3187-4E8E-BC72-3E6E034E5418}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49A33F85-9D43-4611-AA16-05CD35B3A17A}" = rport=139 | protocol=6 | dir=out | app=system | "{4A103A03-94BF-4073-8BCA-577B6E0F9B08}" = lport=10243 | protocol=6 | dir=in | app=system | "{5F7DF415-F44A-48B0-AB27-631F78F8AE68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{61839DCC-73DC-46BA-927C-79B89F9518ED}" = rport=10243 | protocol=6 | dir=out | app=system | "{65CC6FA4-3E53-4B33-AF6F-282F0F7371D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{661DC6C6-EC01-4341-AD36-D8262CD0C3D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{747FC4B8-A75F-489C-8996-034ED2AA3963}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{943E9B02-5A65-4103-904E-2F3AF24DD8B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9FDD1B61-2DD3-4F34-84D3-D4EAE65A954D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AA126DC7-DD58-49A2-81CC-073938F88B55}" = rport=137 | protocol=17 | dir=out | app=system | "{B7400448-871A-4CAA-A55F-77F9574510C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BA128828-9878-4B4E-9A86-2971449EB11D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BF58A29C-9086-4AEE-A669-F33144527E7B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C23C793F-22ED-47D3-A1BC-A8DDEA43101B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F1EE98A0-BEE3-45DF-B03C-4660FA782C1A}" = lport=137 | protocol=17 | dir=in | app=system | "{F3C5EB45-9E8E-4490-AEB2-2298FA346D78}" = lport=2869 | protocol=6 | dir=in | app=system | "{F5BBAB3D-BFBB-4EA2-BA1E-21F5C606224A}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09039F4A-0CA1-434F-95EF-BC280F237B38}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | "{0AD460BC-E035-4957-8978-62C83863E025}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{0AF96C80-3540-443C-B6DD-CA2AD459F3B1}" = dir=out | name=amazon | "{1449FE7C-8453-4AB3-AFE2-0EFE6AECBC7C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{1506C6B9-47F4-4495-8851-1C57CF474D31}" = dir=in | name=ebay | "{15BBE609-B0FD-46CC-9E90-805FD6167B97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2230F223-150B-4AB8-93A1-864F146C63F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{256AB823-EFFD-48A4-8AB9-8B91395D3688}" = dir=out | name=accuweather for windows 8 | "{2A1CE9AB-D0AF-4EAF-AAE1-BF58EE9DC13C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | "{359ACD1D-5902-4267-8752-21096DCCC41C}" = dir=out | name=windows_ie_ac_001 | "{35C4E44E-D9E6-4B1E-ACE4-2F936F6AA7F6}" = dir=in | app=c:\users\****\appdata\local\microsoft\skydrive\skydrive.exe | "{37255170-1469-4107-8308-0F5ACDE6D2EC}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{38D07375-E772-49AB-A1EF-E6BFB08EA910}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3D6CEE1E-2272-462A-B7C2-BC1A2ECC7303}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{41991FCB-A232-4B06-8BA4-65FCCA8F2A75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{41BA55FC-3842-4BAB-97C2-7374522F5D1A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | "{5448048C-D6D8-4C8F-B262-6E7107DEEA38}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | "{5498E73A-E8AB-4B79-9CF9-37A60BF840C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{54BCEEDF-D674-4DF0-B742-ACBEB1F7F1E0}" = dir=out | name=cinetrailer | "{576A212E-3A5A-45F6-8AF1-51E24E866F78}" = dir=in | name=meinestadt.de | "{58AA3F12-24DD-47EE-8A96-18FE4B11FD2B}" = dir=out | name=ebay | "{5A2846AF-D722-4808-A108-2B237BC2D153}" = dir=in | name=meinestadt.de | "{6018F42B-D692-4EDF-B628-8B4E60ABE6C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{60BECB40-B432-4A4C-A43E-F67F9C129967}" = dir=out | name=windows_ie_ac_001 | "{671EF1DA-B769-41C9-BB5E-AD3E7690DCCB}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{687F70E8-00A6-497F-8257-57715200A0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | "{68B3AB5D-44DE-443E-9814-D1ABA8521567}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{69DB0B21-23BF-46DB-B6CA-9EBC93387DE5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{6A80FB52-FAF9-49F4-9ED5-BD1F1EDC3CDF}" = dir=in | name=ebay | "{6B53840B-DB2F-45B6-9731-8CEF2F0FE9EE}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | "{6CE0BC13-69D1-416D-AC12-D3477736A2D8}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{783B9D25-DE36-4F35-BD97-9BE80DDE39C8}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | "{78FA9CB5-77D3-41AF-9F70-7BEAFD0A8320}" = dir=out | name=billiger.de | "{7CC0032A-134C-4577-B41D-4FEF7E446227}" = dir=out | name=meinestadt.de | "{7E69E84E-CDDF-4928-AEA6-1B18EA51FFDE}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{80C7EDCC-4118-42BD-AEB8-E40DEFC54FA2}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{82D4E3BE-6A1A-4D2B-80F9-652281FD68C5}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{919BD155-D11B-4DC5-9B90-26A9DA3DEC97}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{92C3C5D2-EBFC-4D95-9E8B-FD9546DB04E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9C03F437-BE28-4AC9-B57F-CD0BAC59C8B3}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{9F506187-1BC9-46D0-BB18-7397CB193724}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{A22A74A2-DC11-4B4B-AF57-B3A20AEB4DD3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A2BDA04E-165F-4F6A-9AAE-673FDF4562D3}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | "{A569BA88-7C68-4F3A-BC58-2114B59B458E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A5CCD083-CD65-4851-812D-D7D371C9EA7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6FDCAA2-EDCB-42E5-AFC6-839A756708ED}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{A708470A-EFD8-4E34-9A61-9031BE0898A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A9A25E19-2611-486F-A265-73B9C261E030}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{ABF6CF8F-4F4F-402E-9090-96EE17D0D0A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AC539E1C-B39B-4233-81E9-FF3EFCDD9770}" = dir=out | name=meinestadt.de | "{B195DDB8-CF20-4FC9-8776-E48364BDE82F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{B85E93D3-083B-454A-B280-49525369B6C3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | "{B97176EE-7C23-44E3-85B0-B36C6E40D770}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BF0EE90B-F9E3-4444-853D-C6AAF410863E}" = dir=out | name=tunein radio | "{BF584E1C-87F6-4CAB-AB30-93D8C4253B66}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | "{C4829335-AA2F-498D-9171-744420781D67}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C6B1BFCD-F999-4B54-8EFC-A38722F22DB4}" = protocol=6 | dir=out | app=system | "{C970AB73-F9A6-48CE-9A37-F8896E84004D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{CCA69ED0-9C08-4D4D-82D7-41F0BBA70215}" = dir=out | name=bild tablet | "{CCF15CC4-F80C-4F2E-9117-5C6DA5BBF4C8}" = dir=out | name=google search | "{CF746311-38EA-447D-A8FD-30D0EC742DC6}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{D5208706-0914-4D3B-A740-C3406E521C61}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{DA190246-9A4E-4AB1-85AE-908F040BCE5B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{DBBE0C5B-BBFD-4649-88B2-2495ABB8F20B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E2CD4F90-5655-4B5F-9C6F-E28395AF1190}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{E57152FB-74F4-49E3-BAE2-1FAB57BB3F75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E6CD37E1-75DB-4DE0-A242-0F84C96DD9AA}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7DAB137-AB79-4174-B68B-BA154BDD0B6A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | "{E8849646-ACB6-4278-81D6-83F24A70212F}" = dir=out | name=ebay | "{E9C97649-988F-46CB-96A0-16599C6F7C1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EAFB3CD2-F842-4BED-8615-25DA89D6E39E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F573C6B5-F1EF-4857-9E30-47090A081C02}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{F705D212-263F-498C-A409-12822FB891EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F81CDE02-59AB-4CFA-9847-02D18189B922}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{FB374F96-E473-428D-9E6F-DD57DCE27AB4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{5F4D2146-4926-4150-A193-D0A6C21EC96E}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files (x86)\medion\medion nas tool\medion nas tool.exe | "UDP Query User{8E639A68-DCB6-4E8F-85D7-22107951C06A}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files (x86)\medion\medion nas tool\medion nas tool.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{258D56DE-24F2-479E-BED2-8103CB0B9D58}" = MAGIX Video deluxe 2013 Plus "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CAF674E0-808C-4CF4-8868-A755EBABA228}" = ACDSee Pro 6 "{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "CCleaner" = CCleaner "HomeBusinessRetail - de-de" = Microsoft Office Home and Business 2013 - de-de "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}" = Nero Prerequisite Installer 2.0 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1" = Wondershare PDF Password Remover (Build 1.3.0) "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM) "{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3D9167B2-87EB-4713-90B4-E46F2CAFE28D}" = Nero BurningROM 12 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{41FEC76C-9F4C-4A9A-B872-C605A4E04BBF}" = Photo Common "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery "{52FE9150-B4B1-42BE-8F05-7D559757E450}" = Movie Maker "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM "{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75FCD3A9-D7F8-46AD-BC90-91A6364B9334}" = Galeria de Fotografias "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive "{7CA39252-B140-4F7D-951E-AA7F18523CFF}" = WEKA Musterbetriebsanweisungen 6.4 "{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup "{81019508-84DC-476E-8C49-BD77A61217D9}" = Fotogalleri "{8698AFE8-285C-44EA-A282-13DBD7039F1C}" = Photo Common "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA895310-E517-4401-86B6-7E4C7825C3E1}" = gSyncit "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF6478C8-7643-4E80-8077-3D51614A3DBA}" = Movie Maker "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3 "Bilder-Planet Fotoservice" = Bilder-Planet Fotoservice "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Google Chrome" = Google Chrome "GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008) "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "KLiteCodecPack_is1" = K-Lite Codec Pack 9.5.0 (Full) "MAGIX_{258D56DE-24F2-479E-BED2-8103CB0B9D58}" = MAGIX Video deluxe 2013 Plus "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MEDION NAS TOOL" = MEDION NAS TOOL "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Business 2010 "QuickPar" = QuickPar 0.9 "Samsung CLX-3300 Series XPS (Windows 8)" = Samsung CLX-3300 Series XPS (Windows 8) "Samsung Easy Deployment Manager" = Samsung Easy Deployment Manager "Samsung Easy Document Creator" = Samsung Easy Document Creator "Samsung Easy Printer Manager" = Samsung Easy Printer Manager "Samsung Network PC Fax" = Samsung Network PC Fax "Samsung OCR Software" = Samsung OCR Software "Samsung Scan Process Machine" = Samsung Scan Process Machine "SetIP" = SetIP "SpeedCommander 13" = SpeedCommander 13 "UltraISO_is1" = UltraISO V7.55 ME "WEKA Musterbetriebsanweisungen 6.4" = WEKA Musterbetriebsanweisungen 6.4 "Winamp" = Winamp ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3305265873-3708218979-1123394909-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.01.2013 13:59:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1464) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 31.01.2013 14:00:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1464) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 31.01.2013 14:00:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1464) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 31.01.2013 14:00:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1464) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 31.01.2013 15:00:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1684) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 31.01.2013 15:00:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1684) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 31.01.2013 15:00:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1684) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 31.01.2013 15:01:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1684) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 31.01.2013 15:01:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1684) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 31.01.2013 15:02:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1684) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. [ System Events ] Error - 31.12.2012 03:19:49 | Computer Name = ****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error - 31.12.2012 03:20:00 | Computer Name = ****-PC | Source = BugCheck | ID = 1001 Description = Error - 02.01.2013 15:40:03 | Computer Name = ****-PC | Source = Microsoft-Windows-Kernel-Boot | ID = 16 Description = Error - 02.01.2013 15:40:21 | Computer Name = ****-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?02.?01.?2013 um 17:49:27 unerwartet heruntergefahren. Error - 02.01.2013 15:40:22 | Computer Name = ****-PC | Source = BugCheck | ID = 1001 Description = Error - 02.01.2013 15:40:24 | Computer Name = ****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error - 03.01.2013 13:00:34 | Computer Name = ****-PC | Source = Microsoft-Windows-Kernel-Boot | ID = 16 Description = Error - 03.01.2013 13:00:52 | Computer Name = ****-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?03.?01.?2013 um 12:28:25 unerwartet heruntergefahren. Error - 03.01.2013 13:00:53 | Computer Name = ****-PC | Source = BugCheck | ID = 1001 Description = Error - 03.01.2013 13:00:56 | Computer Name = ****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 < End of report > |
06.02.2013, 10:45 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Taskmanager schließt bei Drücken von "mehr Details" Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren
__________________Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ |
07.02.2013, 07:12 | #19 |
| Taskmanager schließt bei Drücken von "mehr Details" quickscan 0 gefunden. der Rest kommt heute Abend oder morgen, bissle viel zu tun heute. Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.07.03 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16466 **** :: ****-PC [Administrator] Schutz: Aktiviert 07.02.2013 06:58:19 mbam-log-2013-02-07 (06-58-19).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 257144 Laufzeit: 2 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
07.02.2013, 10:48 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Taskmanager schließt bei Drücken von "mehr Details" Denk bitte an die CODE-Tags!!
__________________ Logfiles bitte immer in CODE-Tags posten |
08.02.2013, 07:56 | #21 |
| Taskmanager schließt bei Drücken von "mehr Details" sorry, dachte mir das schon mit dem Codetag, aber für mich war das nur ein Text, deshalb habe ich das ohne Code eingestellt, sorry nochmals Also der ESET hat zwei Dinge gefunden, die habe ich unten aber gestrichen, die hat er auf einem alten USB-Stick gefunden, den ich schon lange nicht mehr benutzt habe, es handelte sich dabei um zwei Iphone-Apps *ups*...benutze aber seit 2 Jahren schon Android, also die beiden haben mein PC nie gesehen Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=e70109dfc8bbad4684967d90ec557491 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-07 06:20:10 # local_time=2013-02-07 07:20:10 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=1286 16777213 100 98 183328 15027532 0 0 # compatibility_mode=5893 16776574 100 94 5708475 19767321 0 0 # scanned=486125 # found=2 # cleaned=0 # scan_time=8992 J:\**** J:\**** |
08.02.2013, 14:05 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Taskmanager schließt bei Drücken von "mehr Details"Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
08.02.2013, 22:06 | #23 |
| Taskmanager schließt bei Drücken von "mehr Details" Hallo, die haben mit dem Problem nichts zu tun und sind nicht mehr existent, den USB Stick habe ich formatiert. Der war über 2 Jahre alt und habe ich mit dazu genommen, weil da stand, man solle ALLS USB Sticks etc. mit in den Scan nehmen…mein System ist aber erst seit Dezember am laufen. Das waren zwei nicht so ganz koschere APPS Ohne Witze, die können nichts damit zu tun haben… Schöne Fasching @all |
11.02.2013, 08:20 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Taskmanager schließt bei Drücken von "mehr Details"Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
11.02.2013, 15:47 | #25 |
| Taskmanager schließt bei Drücken von "mehr Details" Damals sah die Welt noch anders aus... |
11.02.2013, 23:18 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Taskmanager schließt bei Drücken von "mehr Details" Und was zum Teufel waren das jetzt für Dateien?!
__________________ Logfiles bitte immer in CODE-Tags posten |
12.02.2013, 10:30 | #27 |
| Taskmanager schließt bei Drücken von "mehr Details" j:\****.ipa j:\*********.ipa 2x iphone apps, die nicht aus dem Store waren.... ich sag ja, dass ich lange her und sowas gibts nimmer... |
12.02.2013, 13:26 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Taskmanager schließt bei Drücken von "mehr Details" Und warum schreibst du das nicht gleich dahin??! Diese Geheimniskrämerei wenn du Hilfe von anderen bzw. Analyse/Bereinigung erwartest ist irgendwie merkwürdig
__________________ Logfiles bitte immer in CODE-Tags posten |
14.02.2013, 14:34 | #29 |
| Taskmanager schließt bei Drücken von "mehr Details" Dachte eigentlich schon, es wäre nach meinem Posting klar, was mein meinte |
14.02.2013, 15:31 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Taskmanager schließt bei Drücken von "mehr Details"Zitat:
Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Taskmanager schließt bei Drücken von "mehr Details" |
acrobat update, adobe, adobe flash player, applaus, bho, bonjour, computer, defender, ebanking, excel, explorer, firefox, flash player, google, hijack, hijackthis, internet, internet explorer, internet security 2013, kaspersky internet security 2013, logfile, mozilla, nvidia, nvidia update, problem, scan, security, sich automatisch, starten, super, tablet, taskmanager, windows, windows 8 pro, wmp |