Pests of all kinds and how to fight them: Java viruses since uninstalling Java (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
Java viruses since uninstalling Java

Hello dear TB team, yesterday I read on the internet that Java has serious security flaws, so I uninstalled Java from my laptop. After that my laptop was very slow. Windows that I opened came up in slow motion, so that it looked as if they were "appearing" very slowly (like that one effect in PowerPoint ^^). After a restart the windows look normal again. I ran a scan with Avira, and 12 Java viruses were found (I had run the last scan only a week ago, and Avira found nothing then).

Here are my log files:

OTL.txt
Code:
ATTFilter OTL logfile created on: 05.02.2013 09:51:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yoshi\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 37,33% Memory free 7,83 Gb Paging File | 5,17 Gb Available in Paging File | 66,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 276,60 Gb Total Space | 5,66 Gb Free Space | 2,05% Space Free | Partition Type: NTFS Drive F: | 81,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 930,83 Gb Total Space | 329,21 Gb Free Space | 35,37% Space Free | Partition Type: NTFS Computer Name: LAPTOPKERSI | User Name: Kersi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.05 09:49:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yoshi\Downloads\OTL(1).exe PRC - [2013.02.05 09:46:58 | 000,050,477 | ---- | M] () -- C:\Users\Yoshi\Downloads\Defogger.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.11 16:54:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 16:53:53 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.11 16:53:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.21 15:58:26 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe PRC - [2012.05.09 16:31:12 | 000,577,536 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.12.09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011.04.19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2010.12.29 19:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe PRC - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010.10.01 17:49:08 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe PRC - [2010.10.01 15:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) 
-- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.12.02 23:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe PRC - [2009.09.23 15:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe PRC - [2009.07.06 20:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2007.06.01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007.06.01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe ========== Modules (No Company Name) ========== MOD - [2013.02.05 09:46:58 | 000,050,477 | ---- | M] () -- C:\Users\Yoshi\Downloads\Defogger.exe MOD - [2010.11.25 04:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010.10.01 15:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.02.05 00:30:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.10.07 14:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.01.09 19:14:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.11 16:54:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 16:53:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.21 15:58:26 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService) SRV - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.09.17 05:19:27 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Users\Kersi\AppData\Local\Temp\7zS6025\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.12.29 19:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.17 20:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.11.29 21:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.10.07 14:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2010.10.01 17:49:08 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 16:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 16:54:09 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.05 08:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2011.06.16 14:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2011.03.26 03:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.03.17 06:29:56 | 001,416,240 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.02.05 00:59:50 | 008,283,136 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.02.04 23:53:42 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.17 20:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.12.17 20:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.12.17 20:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.12.17 20:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.12.16 23:47:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.12.16 23:47:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.12.16 23:47:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.12.16 23:47:04 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu) DRV:64bit: - [2010.12.01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.30 23:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.29 21:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.24 12:33:24 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.29 19:38:32 | 
000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.04.09 14:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.04.07 16:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.03.25 09:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.20 10:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.09.28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ADFBE265-4C10-4F87-821E-DC52AB64F9A4} IE:64bit: - HKLM\..\SearchScopes\{ADFBE265-4C10-4F87-821E-DC52AB64F9A4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {ADFBE265-4C10-4F87-821E-DC52AB64F9A4} IE - HKLM\..\SearchScopes\{ADFBE265-4C10-4F87-821E-DC52AB64F9A4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\..\SearchScopes,DefaultScope = {ADFBE265-4C10-4F87-821E-DC52AB64F9A4} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.1 FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.08.05 17:55:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.25 14:12:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.09 18:47:59 | 000,000,000 | ---D | M] [2011.08.15 11:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\Extensions [2012.06.07 09:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\Firefox\Profiles\tk0xsy36.default\extensions [2012.06.07 09:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\Firefox\Profiles\tk0xsy36.default\extensions\staged [2011.09.27 22:54:39 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\Kersi\AppData\Roaming\mozilla\Firefox\Profiles\tk0xsy36.default\extensions\toolbar@ask.com [2011.10.21 12:13:46 | 000,583,875 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\testpilot@labs.mozilla.com.xpi [2012.01.03 15:42:08 | 000,520,337 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011.10.21 12:13:47 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.07 09:08:39 | 001,184,804 | ---- | M] () (No name found) -- 
C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\staged\testpilot@labs.mozilla.com.xpi [2012.06.07 09:08:38 | 000,525,079 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.06.07 09:08:35 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.04.07 14:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.08.25 15:02:05 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.12.17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.12.17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml [2011.12.17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2011.12.17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft) O4 - HKLM..\RunOnce: [CTSU] C:\Program Files (x86)\Creative\Software Update\CTSURun.exe (Creative Technology Ltd.) 
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{BC124~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{BC124~1\reboot.ini -l0x7 File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Kersi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6124BFFB-70A1-490A-869C-7047E1C3AEF3}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75BFD33E-46B4-4689-A16C-43114DBF6D90}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6A7C4F5-A233-47EC-A6E5-0882137F6395}: NameServer = 193.189.244.225 193.189.244.206 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18:64bit: - 
Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0293247e-d783-11e0-8968-3859f9760090}\Shell - "" = AutoRun O33 - MountPoints2\{0293247e-d783-11e0-8968-3859f9760090}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.21 16:17:14 | 000,000,000 | ---D | C] -- C:\Users\Kersi\AppData\Roaming\WinRAR [2013.01.21 16:17:14 | 000,000,000 | ---D | C] -- C:\Users\Kersi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.21 16:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.21 16:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.01.13 15:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio [2013.01.11 14:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 
Webcam [2013.01.11 14:09:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Live! Cam [2013.01.07 01:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.07 01:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.07 01:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kersi\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013.02.05 09:52:00 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\WebReg .job [2013.02.05 09:47:32 | 000,000,000 | ---- | M] () -- C:\Users\Kersi\defogger_reenable [2013.02.05 09:46:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.02.05 09:43:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.02.05 09:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.04 23:40:22 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 23:40:22 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 23:33:25 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.02.04 23:32:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.04 23:32:21 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2013.02.03 21:26:10 | 001,642,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.03 21:26:10 | 000,708,076 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.03 21:26:10 | 000,663,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.03 21:26:10 | 000,151,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.03 21:26:10 | 000,124,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 18:40:09 | 000,409,968 | ---- | M] () -- 
C:\Windows\SysNative\FNTCACHE.DAT [2013.01.08 23:37:46 | 001,620,594 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.07 01:08:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk ========== Files Created - No Company Name ========== [2013.02.05 09:47:32 | 000,000,000 | ---- | C] () -- C:\Users\Kersi\defogger_reenable [2013.01.07 01:08:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.02 09:35:56 | 000,201,966 | ---- | C] () -- C:\Windows\hpwins19.dat [2011.09.01 12:01:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.08.30 15:38:29 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat [2011.08.30 15:36:33 | 000,201,966 | ---- | C] () -- C:\Windows\hpwins19.dat.temp [2011.08.30 15:36:33 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat.temp [2011.08.05 19:14:13 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.08.05 19:13:33 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.05 19:13:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.05 19:13:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.08.05 19:13:22 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.05 17:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.05 17:44:55 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.02.11 18:45:27 | 001,620,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.14 23:37:10 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\DigitalPersona [2011.11.20 10:31:57 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\Epson [2011.08.16 20:23:56 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\PCDr [2011.08.31 09:16:10 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\PhotoFiltre ========== Purity Check ========== < End of report 
>

Extras.txt
Code:
OTL Extras logfile created on: 05.02.2013 09:51:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yoshi\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 37,33% Memory free
7,83 Gb Paging File | 5,17 Gb Available in Paging File | 66,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276,60 Gb Total Space | 5,66 Gb Free Space | 2,05% Space Free | Partition Type: NTFS
Drive F: | 81,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 930,83 Gb Total Space | 329,21 Gb Free Space | 35,37% Space Free | Partition Type: NTFS

Computer Name: LAPTOPKERSI | User Name: Kersi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3587A0C0-1EC3-4345-825B-FDBA96FB5C7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3EF01DD3-9B6C-4880-AF26-BB81BC6C305D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5C81E03E-DB3E-4A28-AB34-2A7B601CEBFD}" = lport=137 | protocol=17 | dir=in | app=system | "{5C8963FE-3AFB-4458-A181-A0F8F9E08DB8}" = rport=138 | protocol=17 | dir=out | app=system | "{5E1F2858-B134-444A-8833-D4242279B345}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{619C9527-52FD-46AE-A21B-6A990D99767E}" = lport=61116 
| protocol=6 | dir=in | name=trend micro client/server security agent - update | "{66C24403-6CA2-4C87-8B11-009157F23697}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{68C0882D-61BC-4C4C-B3E1-BE8AE93613A1}" = lport=445 | protocol=6 | dir=in | app=system | "{6EF97E1C-EAE8-44C2-9CF7-95112CF27616}" = rport=445 | protocol=6 | dir=out | app=system | "{70CDAC83-DCC9-45AC-B713-67000B09BDE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{793377EE-C56F-43DC-8E7D-C70C44EABD5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7A1472E6-EDEF-458D-AFDD-4C2D9729C39B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{890D9966-AE4B-4FA8-B3E0-B397176745AE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{89A2624B-6472-4083-BCE0-0A5614323ACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8FE33200-A884-4192-850A-32FBD2FD4FE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9352FA7F-4AA0-47E4-A041-B24D33B92701}" = rport=10243 | protocol=6 | dir=out | app=system | "{967F230B-F5ED-4E35-B4CC-931BDCFB1891}" = lport=2869 | protocol=6 | dir=in | app=system | "{A768EBB1-50B8-467D-9455-76792DDE02D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BE90127B-14F3-49CF-9522-8CED91EEC7EA}" = lport=10243 | protocol=6 | dir=in | app=system | "{C1ED3D8F-A71E-4447-A530-4FFFF6817BF0}" = rport=139 | protocol=6 | dir=out | app=system | "{C9F2F2CB-DAFC-4B3F-810A-3DC049BC9F75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CAF9752C-F0D3-4689-9C8D-FF25330F6056}" = lport=138 | protocol=17 | dir=in | app=system | "{D2D308E7-8781-4B5E-A87B-572867791A68}" = rport=137 | 
protocol=17 | dir=out | app=system | "{DAF80082-643F-4E86-BD62-57B15E301B2F}" = lport=139 | protocol=6 | dir=in | app=system | "{EC25FBC3-EAC5-4A8D-8483-52948987A838}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ED8FD923-2D1A-4031-B17A-6BFF3CC088EE}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C480C8-FDCB-4273-A9D5-7872FA945D57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{1F6D00B4-A0AE-4968-A9C8-7F192A919154}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{20235AE5-2683-4F5A-A078-96D1166CB56D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{20FFA239-92D1-46F9-AAE8-25BC80ABED19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{23F1BFB9-2A0B-404A-9D09-768711A3701F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{295B5177-A056-4953-96E8-4B53A7CD142B}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htc sync\htcsyncloader.exe | "{2DFD026C-4372-4C84-B079-A63339E30B06}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{2E6527EA-2E14-40D9-A514-5688CC4C981E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{41112723-9D25-41D2-A44E-1A740073DD9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{4222B3DD-045E-422F-9B58-70C686184407}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5F056231-B7E9-4A0E-A05B-5B758E8E59E1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7718A546-F049-4611-A118-3027B21CABBD}" = protocol=6 | 
dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{79733A63-E9DB-4E32-9A0C-582E9E891B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7E3D32E1-26CF-41F9-82BD-B0B8C11573B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8012AF6C-5A20-4F5A-A22E-FD2A6D93AE58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{81606167-2E03-4424-B53B-9905516371FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8E226DEF-159C-4CCF-8788-7B04904A89F2}" = protocol=6 | dir=out | app=system | "{97E9DE23-6B37-4AAC-809D-072E5F0E4017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A351C94F-80FA-443C-9DF7-889608B8FEDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A42622D8-F8C4-4BEE-9083-9B9C4C98C93D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A9D1CCE1-4308-4652-8D77-7F3654FB634E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE64B437-5E62-45BF-944E-C0C1516EABE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{B433F2E4-A41D-41A7-97FA-1A33C77DE106}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{BA1C33BB-5064-437D-95B9-B69419306CBE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C3ED1D2B-A80E-4F75-9D02-5D41EB99CE00}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CAA6895D-BD5D-4A98-939E-C0E8F0B94C28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{CAC190DC-8207-46D8-A93E-5D7ACA833B33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{D407C6FD-A4FC-45AD-AC2E-1642FA9E86BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D8FE5719-A322-4B20-AECA-F5BCB2EADC63}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{D933D19E-F403-4B6F-81EF-7936D9F826B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DD205CE4-DFAE-4B13-9A7A-8BBAACE3A277}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E6A1AF81-7DAD-413D-891E-5AEBC0BCD1DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F1B59442-5AB8-4AF3-828A-ADA38CCA42F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{F366F347-BAB3-4C8D-A2BA-BEEA4E7BE8F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{1483A6E6-8F43-4275-931F-112B4B7E9402}C:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe | "TCP Query User{28D6BC67-3253-487C-9662-FA23579A8768}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{653CD78E-5C2F-476B-9D62-2BF9690C730A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{CBF25348-60A7-4F08-8C3F-FEF816AD1EFD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{4C6D9D31-C9FE-436C-8185-DAB3C9ED4B39}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{5F4A6D1C-4B6F-4AE0-B083-8C28B298DA6F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{ED6D0CC7-574C-45B9-BA01-061C7C08D17A}C:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe | "UDP Query User{F46E4061-C46F-461F-9278-96A6C4502115}C:\program files 
(x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{08AABBF5-353E-43E5-9E38-94989DDE600C}" = Iomega Encryption "{10AAF056-7792-497A-ACAF-3BF002196574}" = Validity Sensors DDK "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{18C99C4F-6BAB-84D1-261B-EC1099610C63}" = ATI AVIVO64 Codecs "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{480C331C-C21E-F744-DBFF-98F8F2B0D4AC}" = ATI Catalyst Install Manager "{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{729F2EAD-6283-7CFE-E5DB-03C653A309E0}" = ccc-utility64 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 "{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "CCleaner" = CCleaner "Dell Support Center" = Dell Support Center "EPSON BX305 Series" = Druckerdeinstallation für EPSON BX305 Series "GIMP-2_is1" = GIMP 2.8.2 "HP Smart Web Printing" = HP Smart Web Printing "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "R for Windows 2.13.2_is1" = R for Windows 2.13.2 "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Dell Touchpad "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access "{07E10D8F-9E63-9334-4902-192A954E3B64}" = CCC Help Norwegian "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{0FA0F736-0851-C84A-08AE-D2F39C188B83}" = PX Profile Update "{17422E25-DCC9-9192-6FC7-A0E8B324A7C9}" = CCC Help Finnish "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = 
Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2554B5A7-330A-D672-0F4B-D960F4F4F428}" = CCC Help German "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36C6F513-5800-96BF-12EA-B4C7DC7DD671}" = Catalyst Control Center InstallProxy "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{41CE67B3-7766-4CC0-9E5A-D28DF12072E7}" = HTC Sync Manager "{428C0601-9461-B6C8-D6D6-191FF8308410}" = ccc-core-static "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{46314378-EB8B-46B4-A790-4CFD0461ADA1}" = Catalyst Control Center - Branding "{470AE5CD-6626-2D2A-6123-5D898D8813E5}" = CCC Help Japanese "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{5765DDB0-6A73-F8CB-006E-76168E3DE49F}" = CCC Help Danish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{5CFB494B-1A52-82E3-9EB2-8E21084390F6}" = CCC Help Swedish 
"{5D2E23BC-C6A2-BB50-E738-B756F8040E65}" = CCC Help English "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68998208-3CED-2259-C735-92F0C0D57620}" = Catalyst Control Center Localization All "{69D91A61-4328-08DD-E0FB-D011E324F610}" = Catalyst Control Center Profiles Mobile "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7CA87328-1AFA-3B5C-A279-C917D299E0CB}" = CCC Help Italian "{8328181F-5C6B-9304-DDDC-85BE47A3B917}" = CCC Help Spanish "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{878F597D-BA4C-2694-55E9-F1AE1988B144}" = CCC Help Portuguese "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.1.3.1 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BA22076-945C-F764-4D33-2AF4DFE6A3F0}" = CCC Help French "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E1024FE-2009-2350-446F-3A6E00E5181A}" = CCC Help Russian "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5) "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B28FC637-A783-FE1C-8488-CAA05F11B690}" = CCC Help Chinese Traditional "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply 
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9454417-3019-FDB1-272B-A64F39202E3C}" = CCC Help Korean "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EDA023EF-0F82-4030-BF23-5283C1EE1031}" = Nero 7 Essentials "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9C53AC8-C288-5727-1856-5B641CDFA2C1}" = CCC Help Dutch "{FC687ED0-69A9-67E7-0219-55CFB9B643CC}" = CCC Help Chinese Standard "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "Dell Webcam Central" = Dell Webcam Central "EADM" = EA Download Manager "EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch "EPSON BX305 Series Network Guide" = EPSON BX305 Series Netzwerk-Handbuch "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "FileHippo.com" = FileHippo.com Update Checker "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mobile Partner" = Mobile Partner "Mozilla Firefox 9.0 (x86 en-GB)" = Mozilla Firefox 9.0 (x86 en-GB) "RStudio" = RStudio "Secunia PSI" = Secunia PSI (2.0.0.3003) "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "YTdetect" = Yahoo! 
Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PhotoFiltre" = PhotoFiltre "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.02.2013 10:06:41 | Computer Name = LaptopKersi | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Updater.exe, Version: 5.10.1.44067, Zeitstempel: 0x5000146c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x009f00c4 ID des fehlerhaften Prozesses: 0x774 Startzeit der fehlerhaften Anwendung: 0x01ce02178d7bedc1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Updater\Updater.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ee8fce88-6e0a-11e2-9ae0-3859f9760090 Error - 03.02.2013 11:45:29 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 03.02.2013 11:45:29 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 03.02.2013 11:45:34 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 03.02.2013 17:27:51 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 04.02.2013 10:57:04 | Computer Name = LaptopKersi | Source = WinMgmt | ID = 10 Description = Error - 04.02.2013 11:57:42 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 04.02.2013 11:57:42 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 04.02.2013 11:59:51 | Computer Name = LaptopKersi | Source = WinMgmt | ID = 10 Description = Error - 04.02.2013 18:33:30 | Computer Name = 
LaptopKersi | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 03.02.2013 11:45:17 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 03.02.2013 11:45:17 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 04.02.2013 10:58:01 | Computer Name = LaptopKersi | Source = DCOM | ID = 10016 Description = Error - 04.02.2013 10:58:50 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error - 04.02.2013 10:59:02 | Computer Name = LaptopKersi | Source = WMPNetworkSvc | ID = 866300 Description = Error - 04.02.2013 11:01:07 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet. Error - 04.02.2013 12:00:50 | Computer Name = LaptopKersi | Source = DCOM | ID = 10016 Description = Error - 04.02.2013 12:18:38 | Computer Name = LaptopKersi | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?04.?02.?2013 um 17:09:16 unerwartet heruntergefahren. Error - 04.02.2013 18:34:05 | Computer Name = LaptopKersi | Source = DCOM | ID = 10016 Description = Error - 04.02.2013 20:42:54 | Computer Name = LaptopKersi | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-05 10:43:42 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320LT0 rev.0001 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\Kersi\AppData\Local\Temp\uxdyyfow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... * 9 .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... 
* 9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] 
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... * 9 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] 
C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... 
* 9 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 
00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... * 9 .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program 
Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9760090 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9760090 (not active ControlSet) ---- EOF - GMER 2.0 ----

I hope I did everything correctly! Thanks in advance for your help!!