|
Log-Analyse und Auswertung: Sicherheitswarnung Telekom 2Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
08.02.2013, 15:48 | #1 |
| Sicherheitswarnung Telekom 2 Hiermit öffne ich einen neuen Thread, wie angekündigt für mein Problem mit der Telekom. Nach Aufforderung hier die Logfiles von Malwarebytes und OTL vom Laptop meiner Schwester: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.08.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Becky :: CLARKY [Administrator] Schutz: Aktiviert 08.02.2013 13:28:38 MBAM-log-2013-02-08 (15-05-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 445132 Laufzeit: 1 Stunde(n), 36 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 2/8/2013 3:09:51 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becky\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.92 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 54.98% Memory free 7.83 Gb Paging File | 5.94 Gb Available in Paging File | 75.92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.00 Gb Total Space | 37.06 Gb Free Space | 33.38% Space Free | Partition Type: NTFS Drive D: | 164.05 Gb Total Space | 163.96 Gb Free Space | 99.94% Space Free | Partition Type: NTFS Drive E: | 6.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: CLARKY | User Name: Becky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Becky\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics) PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (prodrv04) -- C:\Windows\SysWOW64\drivers\prodrv04.sys (Protection Technology Co.) DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1682194932-64252910-1022618409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKU\S-1-5-21-1682194932-64252910-1022618409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1682194932-64252910-1022618409-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-1682194932-64252910-1022618409-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1682194932-64252910-1022618409-1000\..\SearchScopes\{AED9C3F9-278C-4B18-B116-D0960A556A3D}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-1682194932-64252910-1022618409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/01/09 18:20:23 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1682194932-64252910-1022618409-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B438F399-9079-4956-93E6-A2B6C2677C77}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/08 15:07:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe [2013/02/08 13:26:45 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Malwarebytes [2013/02/08 13:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/08 13:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/08 13:26:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/08 13:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/08 13:26:22 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\Programs [2013/01/29 18:38:10 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{B3267D40-D242-4041-B260-167E0571DE48} [2013/01/25 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{7260DF58-DFD7-476B-AD3A-C6934509A25B} [2013/01/23 19:38:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/01/23 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/01/23 19:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/01/21 18:31:33 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{4A2B9C46-CBA0-4F3F-A1EE-DA334979FA8A} [2013/01/17 15:21:18 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{FF69683B-5AF7-4F29-B511-EB7D50A9DFC9} [2013/01/16 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{8AAF0588-A49F-4965-B7D7-F733C0305686} [2013/01/16 18:11:27 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Avira [2013/01/15 20:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/01/15 20:36:28 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/01/15 20:36:28 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/01/15 20:36:28 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/01/15 20:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/01/15 20:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013/01/15 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{B11BEEE0-11C1-4C0B-9904-61C5FF543F86} [2013/01/15 18:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013/01/15 18:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013/01/14 18:20:59 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{8434CCFE-BE3B-4677-8D0E-0A40A732FE62} [1 C:\Users\Becky\AppData\Roaming\*.tmp files -> C:\Users\Becky\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/08 15:18:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/08 15:07:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe [2013/02/08 14:20:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/08 14:20:25 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/08 14:20:25 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/08 13:31:00 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/08 13:31:00 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/08 13:26:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/08 13:23:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/08 13:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/08 13:22:54 | 4204,314,624 | -HS- | M] () -- C:\hiberfil.sys [2013/02/06 20:23:29 | 000,079,427 | ---- | M] () -- C:\Users\Becky\Documents\Smallville Fanfiction.odt [2013/01/29 18:51:18 | 000,009,874 | ---- | M] () -- C:\Users\Becky\Documents\Lois and clark their love.wlmp [2013/01/23 19:38:15 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/01/17 15:22:37 | 000,000,085 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\blckdom.res [2013/01/15 20:36:40 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/01/15 18:14:21 | 000,001,262 | ---- | M] () -- C:\Users\Becky\Desktop\Free YouTube Download.lnk [2013/01/09 18:22:08 | 000,304,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/09 16:00:45 | 001,522,286 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/09 16:00:45 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/01/09 16:00:45 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/09 16:00:45 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/01/09 16:00:45 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [1 C:\Users\Becky\AppData\Roaming\*.tmp files -> C:\Users\Becky\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/08 13:26:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/01/15 20:36:40 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/01/15 18:14:21 | 000,001,262 | ---- | C] () -- C:\Users\Becky\Desktop\Free YouTube Download.lnk [2012/11/20 18:05:14 | 000,007,104 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\BAcroIEHelpe235.dll [2012/10/31 13:39:17 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/10/05 14:05:12 | 000,000,029 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\urhtps.dat [2012/08/20 10:05:40 | 000,000,085 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\blckdom.res [2012/04/28 15:08:46 | 000,004,831 | ---- | C] () -- C:\Users\Becky\.recently-used.xbel [2011/11/28 14:10:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/03/17 21:02:23 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011/03/17 20:56:12 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/03/17 20:56:10 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/03/17 20:56:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/03/17 07:32:56 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2011/03/17 06:03:43 | 000,001,898 | ---- | C] () -- C:\Windows\HotFixList.ini [2011/03/17 05:50:53 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 2/8/2013 3:09:52 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becky\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.92 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 54.98% Memory free 7.83 Gb Paging File | 5.94 Gb Available in Paging File | 75.92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.00 Gb Total Space | 37.06 Gb Free Space | 33.38% Space Free | Partition Type: NTFS Drive D: | 164.05 Gb Total Space | 163.96 Gb Free Space | 99.94% Space Free | Partition Type: NTFS Drive E: | 6.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: CLARKY | User Name: Becky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FD7BD15-F393-46AB-8947-2F2323EA4B09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{15042EAB-8943-4F2F-8F29-D8ADD21B33CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2624A170-555E-4FD3-ACA4-8C2D77D54105}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E2157B4-30C1-4D59-9ED3-5DB58765AF4D}" = lport=138 | protocol=17 | dir=in | app=system | "{35EDD49A-6198-49E6-AFE8-FF41A225E2F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{37E92ECC-D32B-49C4-8DC8-6EFCFAF115E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5DE490E2-6983-4481-85DA-5620EDF387D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{65CE1ED4-CF96-4D0C-8FF1-53AD668C5705}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6B3766EA-66EF-4F25-8E42-98927B5B8469}" = rport=10243 | protocol=6 | dir=out | app=system | "{73C520DB-6373-4ED6-8A2F-9B06538EC7C8}" = lport=10243 | protocol=6 | dir=in | app=system | "{7A4503CE-082B-46F0-AD32-B311E6D7362C}" = rport=139 | protocol=6 | dir=out | app=system | "{81715EDA-B7CF-4A05-A7ED-4BBEE1246112}" = rport=137 | protocol=17 | dir=out | app=system | "{97A3BEF3-FC7D-4770-BD99-D770A4C1367B}" = lport=139 | protocol=6 | dir=in | app=system | "{9B85C56A-540B-4418-B390-377F0D6C7A80}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9C6FA9DC-A2BA-4820-B789-D1B9034655FA}" = rport=138 | protocol=17 | dir=out | app=system | "{A1B41891-1D67-4D61-A263-8B7EB7368805}" = rport=445 | protocol=6 | dir=out | app=system | "{B65ED50D-F8DC-43A0-90B3-72FFE64BA66F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CD3C85B3-35E4-4BD3-86F6-D19EE1BB1F68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CFBBA896-A074-4A92-B6CB-447104FB133E}" = lport=137 | protocol=17 | dir=in | app=system | "{D77221F3-E400-46CD-9808-180930F4294A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D843C60D-04E6-4820-847E-6C756D966488}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E08A3EA8-54B9-49D9-BD00-D9E60C61BA54}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E3DBF768-60D3-475B-A65B-BE852212056C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EA17C201-EAD0-4709-B5E4-8EF35236F4A4}" = lport=2869 | protocol=6 | dir=in | app=system | "{FA9CFB55-37D6-485E-AFF0-9AE507E91F59}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{093584CB-F9A1-485A-98B0-59049511DE89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0B8ED4A4-53C8-46D5-83AA-076758F0A5C3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{0F72199A-230E-4CBC-9527-1CEB01D1DFAE}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | "{199F3FB9-C592-44B4-A811-E7EF3ECB0434}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1FD1A700-2E10-4E0E-ABA2-BF8492839141}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{23E3BF04-2A35-43FA-AC31-EDCA9460E48B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{24000F1A-1722-4350-B281-D143728A9C0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{296E054E-B47E-4B54-B626-9757ED5A5EBB}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{30D25976-4B2B-472F-8BD3-494F1510AF06}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{42F121F9-2930-4C5D-916E-71EBFE003987}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{46940097-A46C-4602-968A-97B76C4E1BEE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{47E0AD71-04A1-41DE-86C2-147C078C215C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4FD7E7C5-D859-493F-9476-28F17C30A61B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{51A6BDD3-E2B6-4957-9F71-1A727F507136}" = protocol=6 | dir=out | app=system | "{52CE0699-E4D3-4564-AA13-843A18874941}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | "{5951AF8D-D492-4929-9759-7B974D112D9B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6F46C3E5-2F3C-48DC-93A3-D52A97237EDA}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{785CF561-DE61-4DCD-AB90-3C3CD523B694}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{787CE412-AE13-406C-8D18-79C9E47207E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{79F2A9DF-D54C-4691-AE6C-E137CDB6844B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C53FEE7-F210-429D-8590-9B139F95E17F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{84F48EE6-41B5-4488-80EC-900E09047115}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8F466C94-3897-4A3F-BD86-830AB5510533}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{957CE177-326A-4C30-BCEC-D7F2E1F544B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B1BA402D-920B-4108-B209-80A4E92CBB8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B51E430C-949D-4C0E-A00F-A67153249450}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{BD57BAD0-8C92-438E-B78B-A47E30387998}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{BDB8E2D9-EC4C-4B8C-8ECD-2FEBD1386244}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C2AC7E36-89D9-4666-B154-72B569857740}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CF380CE8-363A-459C-A266-7FA58079E4C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E4CA8654-68A5-491B-A065-02C8F2B99A34}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EADA7E2B-C70A-461F-8EA8-974E36B7B3E1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F5B8F2A1-1FEC-4F6C-ACB7-AA288E182229}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F5F510E4-1761-4370-8867-9614F81ED87F}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | "{F5FCCDC9-7E8E-4357-83FE-25CBD8DA987C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{C7978EC6-3030-4F0E-9B6E-AA074A35E977}E:\ttn.exe" = protocol=6 | dir=in | app=e:\ttn.exe | "UDP Query User{0C1961B3-0AF7-400B-9984-59B3BACF1181}E:\ttn.exe" = protocol=17 | dir=in | app=e:\ttn.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Premium Sound Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "Elantech" = ETDWare PS/2-X64 8.0.7.2_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "ProInst" = Intel PROSet Wireless "WinGimp-2.0_is1" = GIMP 2.6.8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지 "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}" = WordCaptureX Pro "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“ "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“ "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3DE92282-CB49-434F-81BF-94E5B380E889}" = Die Sims™ 3 Jahreszeiten "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}" = PhoneShare "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일 "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“ "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리 "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F617CEFF-8242-42AF-95BE-2545DB029A0C}" = Die Sims™ 3 Einfach tierisch: Erstelle ein Tier-Demo "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0 "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}" = SISShortcut "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender "7-PDF Maker_is1" = 7-PDF Maker Version 1.4.0 (Build 128) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mein Pferdehof_is1" = Mein Pferdehof 1.0 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "Samsung Printer Live Update" = Samsung Printer Live Update "Samsung Universal Print Driver" = Samsung Universal Print Driver "Samsung Universal Scan Driver" = Samsung Universal Scan Driver "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live 程式集 "WT085559" = Diner Dash 2 Restaurant Rescue "WT085567" = Chuzzle Deluxe "WT085580" = John Deere Drive Green "WT085581" = Penguins! "WT085583" = Polar Golfer "WT085587" = Agatha Christie - Death on the Nile "WT085597" = Build-a-lot "WT085618" = Farm Frenzy "WT085622" = Insaniquarium Deluxe "WT085663" = Peggle "WT085669" = Plants vs. Zombies "WT089285" = Zuma Deluxe "WT089286" = Bejeweled 2 Deluxe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/27/2012 12:25:27 PM | Computer Name = Clarky | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1254 Startzeit: 01cdccbb58a2102c Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 11/27/2012 12:25:42 PM | Computer Name = Clarky | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000ceb14 ID des fehlerhaften Prozesses: 0x1548 Startzeit der fehlerhaften Anwendung: 0x01cdccbbd794d302 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 15df367b-38af-11e2-8f5b-e811327487c1 Error - 11/27/2012 1:22:01 PM | Computer Name = Clarky | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2920 Startzeit: 01cdccbbcf36fc54 Endzeit: 116 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 11/27/2012 1:24:24 PM | Computer Name = Clarky | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000ceb14 ID des fehlerhaften Prozesses: 0x3ef8 Startzeit der fehlerhaften Anwendung: 0x01cdccc403f4fdd0 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 492a6a97-38b7-11e2-8f5b-e811327487c1 Error - 11/27/2012 1:25:31 PM | Computer Name = Clarky | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 122c Startzeit: 01cdccbb578209ab Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 5f13b72a-38b7-11e2-8f5b-e811327487c1 Error - 11/27/2012 2:53:40 PM | Computer Name = Clarky | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2ac0 Startzeit: 01cdcccf3520490e Endzeit: 342 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 11/27/2012 2:57:52 PM | Computer Name = Clarky | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1618 Startzeit: 01cdccd083db86e7 Endzeit: 742 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 11/28/2012 1:42:09 PM | Computer Name = Clarky | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1e38 Startzeit: 01cdcd88112120dd Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 12/1/2012 1:44:51 PM | Computer Name = Clarky | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 12/1/2012 1:46:45 PM | Computer Name = Clarky | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Sims3LauncherW.exe, Version: 0.2.0.190, Zeitstempel: 0x50653b54 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001fab8 ID des fehlerhaften Prozesses: 0x1734 Startzeit der fehlerhaften Anwendung: 0x01cdcfebd44bacce Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Electronic Arts\Die Sims 3\Game\Bin\Sims3LauncherW.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 126f3c7c-3bdf-11e2-bb18-e811327487c1 [ System Events ] Error - 9/11/2012 9:34:28 AM | Computer Name = Clarky | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv04 Error - 9/11/2012 10:01:35 AM | Computer Name = Clarky | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv04.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 9/11/2012 10:01:52 AM | Computer Name = Clarky | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv04 Error - 9/16/2012 6:55:40 AM | Computer Name = Clarky | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv04.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 9/16/2012 6:55:55 AM | Computer Name = Clarky | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv04 Error - 9/17/2012 10:44:21 AM | Computer Name = Clarky | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv04.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 9/17/2012 10:44:39 AM | Computer Name = Clarky | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv04 Error - 9/17/2012 10:44:50 AM | Computer Name = Clarky | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b Error - 9/17/2012 10:45:08 AM | Computer Name = Clarky | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv04.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 9/17/2012 10:45:26 AM | Computer Name = Clarky | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: prodrv04 < End of report > |
08.02.2013, 16:08 | #2 |
/// Malware-holic | Sicherheitswarnung Telekom 2 hi
__________________sind das alle Malwarebytes logs? falls nein, poste weitere mit Funden + Avira Fundmeldungen. http://www.trojaner-board.de/125889-...en-posten.html
__________________ |
09.02.2013, 11:17 | #3 |
| Sicherheitswarnung Telekom 2 Hier die Avira Funde:
__________________Code:
ATTFilter Exportierte Ereignisse: 08.02.2013 15:18 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Becky\AppData\Roaming\BAcroIEHelpe235.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen8' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 08.02.2013 15:13 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Becky\AppData\Roaming\BAcroIEHelpe235.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen8' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 08.02.2013 14:06 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Becky\AppData\Roaming\BAcroIEHelpe235.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen8' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 08.02.2013 14:06 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Becky\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\31e34c46-139ca0 10' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 08.02.2013 14:04 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Becky\AppData\Local\Temp\V.class' wurde ein Virus oder unerwünschtes Programm 'EXP/JAVA.Ternub.Gen' [exploit] gefunden. Ausgeführte Aktion: Zugriff verweigern 08.02.2013 14:03 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LQVTLSCK\main[1].htm' enthielt einen Virus oder unerwünschtes Programm 'HTML/Dldr.Dawn.V' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58c66d1b.qua' verschoben! 08.02.2013 14:01 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LQVTLSCK\main[1].htm' wurde ein Virus oder unerwünschtes Programm 'HTML/Dldr.Dawn.V' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern 05.02.2013 11:50 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Becky\AppData\Roaming\BAcroIEHelpe251.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Banker.YH' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d877078.qua' verschoben! 05.02.2013 11:49 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Becky\AppData\Roaming\BAcroIEHelpe251.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.YH' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 22.01.2013 19:44 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Becky\AppData\Roaming\appconf32.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Banker.EB.4' [trojan]. Durchgeführte Aktion(en): Die Datei wurde gelöscht. 22.01.2013 19:43 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Becky\AppData\Roaming\AcroIEHelpe251.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.bafi.1' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '401c4d41.qua' verschoben! 22.01.2013 19:40 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Becky\AppData\Roaming\AcroIEHelpe251.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.bafi.1' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 22.01.2013 19:40 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Becky\AppData\Roaming\appconf32.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.EB.4' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Code:
ATTFilter 2013/02/08 13:26:53 +0100 CLARKY Becky MESSAGE Starting protection 2013/02/08 13:26:54 +0100 CLARKY Becky MESSAGE Protection started successfully 2013/02/08 13:26:54 +0100 CLARKY Becky MESSAGE Starting IP protection 2013/02/08 13:26:55 +0100 CLARKY Becky MESSAGE IP Protection started successfully 2013/02/08 13:27:02 +0100 CLARKY Becky MESSAGE Starting database refresh 2013/02/08 13:27:02 +0100 CLARKY Becky MESSAGE Stopping IP protection 2013/02/08 13:27:02 +0100 CLARKY Becky MESSAGE IP Protection stopped successfully 2013/02/08 13:27:05 +0100 CLARKY Becky MESSAGE Database refreshed successfully 2013/02/08 13:27:05 +0100 CLARKY Becky MESSAGE Starting IP protection 2013/02/08 13:27:08 +0100 CLARKY Becky MESSAGE IP Protection started successfully Code:
ATTFilter 2013/02/09 11:07:46 +0100 CLARKY (null) MESSAGE Executing scheduled update: Daily 2013/02/09 11:07:47 +0100 CLARKY (null) MESSAGE Starting protection 2013/02/09 11:07:47 +0100 CLARKY (null) MESSAGE Protection started successfully 2013/02/09 11:07:47 +0100 CLARKY (null) MESSAGE Starting IP protection 2013/02/09 11:07:51 +0100 CLARKY (null) MESSAGE IP Protection started successfully 2013/02/09 11:08:00 +0100 CLARKY Becky MESSAGE Starting database refresh 2013/02/09 11:08:00 +0100 CLARKY Becky MESSAGE Scheduled update executed successfully: database updated from version v2013.02.08.04 to version v2013.02.09.04 2013/02/09 11:08:00 +0100 CLARKY Becky MESSAGE Stopping IP protection 2013/02/09 11:08:00 +0100 CLARKY Becky MESSAGE IP Protection stopped successfully 2013/02/09 11:08:03 +0100 CLARKY Becky MESSAGE Database refreshed successfully 2013/02/09 11:08:03 +0100 CLARKY Becky MESSAGE Starting IP protection 2013/02/09 11:08:06 +0100 CLARKY Becky MESSAGE IP Protection started successfully 2013/02/09 11:11:17 +0100 CLARKY (null) MESSAGE Starting protection 2013/02/09 11:11:17 +0100 CLARKY (null) MESSAGE Protection started successfully 2013/02/09 11:11:17 +0100 CLARKY (null) MESSAGE Starting IP protection 2013/02/09 11:11:22 +0100 CLARKY (null) MESSAGE IP Protection started successfully |
10.02.2013, 20:34 | #4 |
/// TB-Ausbilder | Sicherheitswarnung Telekom 2 Hallo LaraMary, ich übernehme dein Thema ab hier. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld. Auf diesem Laptop ist sicher schon mal was drauf. Warnung: Infostealer Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat. Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen. Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern. Schauen wir noch nach, ob sonst noch was zum Vorschein kommt: Schritt 1
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
11.02.2013, 12:05 | #5 |
| Sicherheitswarnung Telekom 2Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-11 12:01:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB Running: xvr1i2vm.exe; Driver: C:\Users\Becky\AppData\Local\Temp\uxldqpob.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes [D7, 77] .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes [D7, 77] .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes [D7, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes [D7, 77] ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde6a3c77 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde6a3c77 (not active ControlSet) ---- Disk sectors - GMER 2.0 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.0 ---- |
11.02.2013, 12:53 | #6 |
/// TB-Ausbilder | Sicherheitswarnung Telekom 2 Hallo, ok, lass uns noch etwas überprüfen: Schritt 1 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinen Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung. Hinweis: Sollte der Scan Button ausgeblendet sein, schliesse das Tool und starte es erneut. Sollte es erneut nicht klappen, teile mir das bitte mit. Bitte poste in deiner nächsten Antwort:
__________________ --> Sicherheitswarnung Telekom 2 |
11.02.2013, 16:32 | #7 |
| Sicherheitswarnung Telekom 2 Hier das Logfile: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-11 16:05:48 ----------------------------- 16:05:48.115 OS Version: Windows x64 6.1.7601 Service Pack 1 16:05:48.115 Number of processors: 4 586 0x2A07 16:05:48.115 ComputerName: CLARKY UserName: Becky 16:05:48.833 Initialize success 16:06:49.101 AVAST engine defs: 13021100 16:06:59.444 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:06:59.460 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3 16:06:59.522 Disk 0 MBR read successfully 16:06:59.522 Disk 0 MBR scan 16:06:59.538 Disk 0 unknown MBR code 16:06:59.569 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 16:06:59.647 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 113664 MB offset 206848 16:06:59.663 Disk 0 Partition - 00 0F Extended LBA 167992 MB offset 232990720 16:06:59.709 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 23486 MB offset 577038336 16:06:59.803 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 167991 MB offset 232992768 16:06:59.928 Disk 0 scanning C:\Windows\system32\drivers 16:07:29.225 Service scanning 16:08:03.638 Modules scanning 16:08:03.654 Disk 0 trace - called modules: 16:08:03.716 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 16:08:03.716 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800600d060] 16:08:03.732 3 CLASSPNP.SYS[fffff88001b4743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004511050] 16:08:05.838 AVAST engine scan C:\Windows 16:08:13.669 AVAST engine scan C:\Windows\system32 16:13:24.016 AVAST engine scan C:\Windows\system32\drivers 16:13:41.566 AVAST engine scan C:\Users\Becky 16:26:21.495 AVAST engine scan C:\ProgramData 16:27:42.240 Scan finished successfully 16:28:01.475 Disk 0 MBR has been saved successfully to "C:\Users\Becky\Desktop\MBR.dat" 16:28:01.475 The log file has been saved successfully to "C:\Users\Becky\Desktop\aswMBR log.txt" |
11.02.2013, 18:46 | #8 | |
/// TB-Ausbilder | Sicherheitswarnung Telekom 2 Hi, das war soweit unauffällig. Weiter geht's: Schritt 1 Lade dir TFC (von Oldtimer) herunter und speichere es auf den Desktop.
Schritt 2 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
12.02.2013, 11:47 | #9 |
| Sicherheitswarnung Telekom 2 Hier das Logfile von Combofix: Code:
ATTFilter ComboFix 13-02-12.01 - Becky 12.02.2013 11:33:11.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.2696 [GMT 1:00] ausgeführt von:: c:\users\Becky\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Becky\AppData\Roaming\AcroIEHelpe.txt c:\users\Becky\AppData\Roaming\srvblck5.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-12 bis 2013-02-12 )))))))))))))))))))))))))))))) . . 2013-02-12 10:40 . 2013-02-12 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-08 12:26 . 2013-02-08 12:26 -------- d-----w- c:\users\Becky\AppData\Roaming\Malwarebytes 2013-02-08 12:26 . 2013-02-08 12:26 -------- d-----w- c:\programdata\Malwarebytes 2013-02-08 12:26 . 2013-02-08 12:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-08 12:26 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-08 12:26 . 2013-02-08 12:26 -------- d-----w- c:\users\Becky\AppData\Local\Programs 2013-01-23 18:38 . 2013-01-23 18:38 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-01-23 18:38 . 2013-01-23 18:38 -------- d-----r- c:\program files (x86)\Skype 2013-01-16 17:11 . 2013-01-16 17:11 -------- d-----w- c:\users\Becky\AppData\Roaming\Avira 2013-01-15 19:36 . 2012-12-03 14:36 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-01-15 19:36 . 2012-12-03 14:36 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-01-15 19:36 . 2012-11-16 19:17 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-01-15 19:36 . 2013-01-15 19:36 -------- d-----w- c:\programdata\Avira 2013-01-15 19:36 . 2013-01-15 19:36 -------- d-----w- c:\program files (x86)\Avira 2013-01-15 17:14 . 2013-01-15 17:14 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2013-01-15 17:14 . 2013-01-15 17:14 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2013-01-15 17:12 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{270149F3-15C1-4E48-98FE-2D0B938BF182}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 13:20 . 2012-11-12 13:27 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-08 13:20 . 2012-02-13 19:47 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 14:57 . 2011-10-09 09:14 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2012-12-21 19:02 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 19:02 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 19:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 19:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-09 13:50 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 13:50 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 13:50 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 13:50 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 13:50 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 13:50 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 13:50 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 13:50 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 13:50 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 13:50 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 13:50 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 13:50 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 13:50 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 13:50 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 13:50 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 13:50 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 13:50 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 13:50 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 13:50 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 13:50 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 13:50 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 13:50 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 13:50 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 13:50 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 13:50 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 13:50 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 13:50 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 13:50 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 13:50 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 13:50 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 13:50 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 13:50 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-11-30 05:45 . 2013-01-09 13:50 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 13:50 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 13:50 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:45 . 2013-01-09 13:50 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 05:43 . 2013-01-09 13:50 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-11-30 05:41 . 2013-01-09 13:50 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 05:41 . 2013-01-09 13:50 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-11-30 05:38 . 2013-01-09 13:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 04:54 . 2013-01-09 13:50 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-11-30 04:53 . 2013-01-09 13:50 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 13:50 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R1 prodrv04;Star Force copy protection driver v4;c:\windows\System32\drivers\prodrv04.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 103472] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhalt des "geplante Tasks" Ordners . 2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 13:20] . 2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-13 19:47] . 2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-13 19:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-14 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-14 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-14 418328] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mStart Page = hxxp://samsung.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube Download - c:\users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-12 11:42:17 ComboFix-quarantined-files.txt 2013-02-12 10:42 . Vor Suchlauf: 9 Verzeichnis(se), 42.959.372.288 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 42.545.262.592 Bytes frei . - - End Of File - - 0746387B785AACA34A7449FA8A7CC376 |
12.02.2013, 12:05 | #10 |
/// TB-Ausbilder | Sicherheitswarnung Telekom 2 Hallo, dann kontrollieren wir nochmals: Schritt 1
Schritt 2 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo Geändert von aharonov (12.02.2013 um 12:23 Uhr) |
12.02.2013, 15:11 | #11 |
| Sicherheitswarnung Telekom 2 Okay, zuerst der Log von MBAM: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.12.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Becky :: CLARKY [Administrator] Schutz: Aktiviert 12.02.2013 12:57:27 mbam-log-2013-02-12 (12-57-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 215350 Laufzeit: 4 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter 2013/02/12 11:11:25 +0100 CLARKY (null) MESSAGE Starting protection 2013/02/12 11:11:25 +0100 CLARKY (null) MESSAGE Protection started successfully 2013/02/12 11:11:25 +0100 CLARKY (null) MESSAGE Starting IP protection 2013/02/12 11:11:31 +0100 CLARKY (null) MESSAGE IP Protection started successfully 2013/02/12 11:17:04 +0100 CLARKY Becky MESSAGE Executing scheduled update: Daily 2013/02/12 11:17:17 +0100 CLARKY Becky MESSAGE Scheduled update executed successfully: database updated from version v2013.02.11.04 to version v2013.02.12.04 2013/02/12 11:17:17 +0100 CLARKY Becky MESSAGE Starting database refresh 2013/02/12 11:17:17 +0100 CLARKY Becky MESSAGE Stopping IP protection 2013/02/12 11:17:18 +0100 CLARKY Becky MESSAGE IP Protection stopped successfully 2013/02/12 11:17:20 +0100 CLARKY Becky MESSAGE Database refreshed successfully 2013/02/12 11:17:20 +0100 CLARKY Becky MESSAGE Starting IP protection 2013/02/12 11:17:23 +0100 CLARKY Becky MESSAGE IP Protection started successfully 2013/02/12 11:21:30 +0100 CLARKY (null) MESSAGE Starting protection 2013/02/12 11:21:30 +0100 CLARKY (null) MESSAGE Protection started successfully 2013/02/12 11:21:30 +0100 CLARKY (null) MESSAGE Starting IP protection 2013/02/12 11:21:35 +0100 CLARKY (null) MESSAGE IP Protection started successfully 2013/02/12 11:29:19 +0100 CLARKY Becky MESSAGE Stopping protection 2013/02/12 11:29:19 +0100 CLARKY Becky MESSAGE Protection stopped successfully 2013/02/12 11:29:19 +0100 CLARKY Becky MESSAGE Stopping IP protection 2013/02/12 11:29:19 +0100 CLARKY Becky MESSAGE IP Protection stopped successfully 2013/02/12 11:29:19 +0100 CLARKY Becky MESSAGE Protection stopped 2013/02/12 12:51:41 +0100 CLARKY (null) MESSAGE Starting protection 2013/02/12 12:51:42 +0100 CLARKY (null) MESSAGE Protection started successfully 2013/02/12 12:51:42 +0100 CLARKY (null) MESSAGE Starting IP protection 2013/02/12 12:51:46 +0100 CLARKY (null) MESSAGE IP Protection started successfully 2013/02/12 12:57:02 +0100 CLARKY Becky MESSAGE Starting database refresh 2013/02/12 12:57:02 +0100 CLARKY Becky MESSAGE Stopping IP protection 2013/02/12 12:57:02 +0100 CLARKY Becky MESSAGE IP Protection stopped successfully 2013/02/12 12:57:05 +0100 CLARKY Becky MESSAGE Database refreshed successfully 2013/02/12 12:57:05 +0100 CLARKY Becky MESSAGE Starting IP protection 2013/02/12 12:57:08 +0100 CLARKY Becky MESSAGE IP Protection started successfully Code:
ATTFilter OTL logfile created on: 2/12/2013 2:56:46 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becky\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.92 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 58.20% Memory free 7.83 Gb Paging File | 6.09 Gb Available in Paging File | 77.73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.00 Gb Total Space | 39.25 Gb Free Space | 35.36% Space Free | Partition Type: NTFS Drive D: | 164.05 Gb Total Space | 163.96 Gb Free Space | 99.94% Space Free | Partition Type: NTFS Drive E: | 6.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: CLARKY | User Name: Becky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Becky\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics) PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (prodrv04) -- C:\Windows\SysWOW64\drivers\prodrv04.sys (Protection Technology Co.) DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{AED9C3F9-278C-4B18-B116-D0960A556A3D}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/01/09 18:20:23 | 000,000,000 | ---D | M] O1 HOSTS File: ([2013/02/12 11:40:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B438F399-9079-4956-93E6-A2B6C2677C77}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/12 13:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/02/12 13:04:57 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Becky\Desktop\esetsmartinstaller_enu.exe [2013/02/12 12:52:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/12 11:42:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/02/12 11:31:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/02/12 11:31:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/02/12 11:31:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/02/12 11:31:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/02/12 11:31:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/02/12 11:26:57 | 005,033,736 | R--- | C] (Swearware) -- C:\Users\Becky\Desktop\ComboFix.exe [2013/02/12 11:15:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Becky\Desktop\TFC.exe [2013/02/11 16:03:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Becky\Desktop\aswMBR.exe [2013/02/09 11:10:18 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/02/08 15:07:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe [2013/02/08 13:26:45 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Malwarebytes [2013/02/08 13:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/08 13:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/08 13:26:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/08 13:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/08 13:26:22 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\Programs [2013/01/29 18:38:10 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{B3267D40-D242-4041-B260-167E0571DE48} [2013/01/25 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{7260DF58-DFD7-476B-AD3A-C6934509A25B} [2013/01/23 19:38:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/01/23 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/01/23 19:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/01/21 18:31:33 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{4A2B9C46-CBA0-4F3F-A1EE-DA334979FA8A} [2013/01/17 15:21:18 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{FF69683B-5AF7-4F29-B511-EB7D50A9DFC9} [2013/01/16 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{8AAF0588-A49F-4965-B7D7-F733C0305686} [2013/01/16 18:11:27 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Avira [2013/01/15 20:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/01/15 20:36:28 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/01/15 20:36:28 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/01/15 20:36:28 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/01/15 20:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/01/15 20:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013/01/15 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{B11BEEE0-11C1-4C0B-9904-61C5FF543F86} [2013/01/15 18:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013/01/15 18:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013/01/14 18:20:59 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{8434CCFE-BE3B-4677-8D0E-0A40A732FE62} ========== Files - Modified Within 30 Days ========== [2013/02/12 14:54:21 | 000,091,208 | ---- | M] () -- C:\Users\Becky\Desktop\Screenshot ESET.PNG [2013/02/12 14:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/12 14:18:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/12 13:10:15 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/12 13:10:15 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/12 13:10:15 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/12 13:10:15 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/12 13:10:15 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/12 13:04:57 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Becky\Desktop\esetsmartinstaller_enu.exe [2013/02/12 12:59:02 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/12 12:59:02 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/12 12:52:11 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/12 12:51:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/12 12:51:24 | 4204,314,624 | -HS- | M] () -- C:\hiberfil.sys [2013/02/12 11:40:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/02/12 11:26:59 | 005,033,736 | R--- | M] (Swearware) -- C:\Users\Becky\Desktop\ComboFix.exe [2013/02/12 11:15:32 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\TFC.exe [2013/02/11 16:31:43 | 000,000,537 | ---- | M] () -- C:\Users\Becky\Desktop\MBR.zip [2013/02/11 16:28:01 | 000,000,512 | ---- | M] () -- C:\Users\Becky\Desktop\MBR.dat [2013/02/11 16:05:01 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Becky\Desktop\aswMBR.exe [2013/02/11 11:27:19 | 000,365,568 | ---- | M] () -- C:\Users\Becky\Desktop\xvr1i2vm.exe [2013/02/08 15:07:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe [2013/02/08 13:26:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/06 20:23:29 | 000,079,427 | ---- | M] () -- C:\Users\Becky\Documents\Smallville Fanfiction.odt [2013/01/29 18:51:18 | 000,009,874 | ---- | M] () -- C:\Users\Becky\Documents\Lois and clark their love.wlmp [2013/01/23 19:38:15 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/01/17 15:22:37 | 000,000,085 | ---- | M] () -- C:\Users\Becky\AppData\Roaming\blckdom.res [2013/01/15 20:36:40 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/01/15 18:14:21 | 000,001,262 | ---- | M] () -- C:\Users\Becky\Desktop\Free YouTube Download.lnk ========== Files Created - No Company Name ========== [2013/02/12 14:54:21 | 000,091,208 | ---- | C] () -- C:\Users\Becky\Desktop\Screenshot ESET.PNG [2013/02/12 11:31:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/02/12 11:31:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/02/12 11:31:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/02/12 11:31:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/02/12 11:31:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/02/11 16:31:43 | 000,000,537 | ---- | C] () -- C:\Users\Becky\Desktop\MBR.zip [2013/02/11 16:28:01 | 000,000,512 | ---- | C] () -- C:\Users\Becky\Desktop\MBR.dat [2013/02/11 11:27:19 | 000,365,568 | ---- | C] () -- C:\Users\Becky\Desktop\xvr1i2vm.exe [2013/02/08 13:26:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/01/15 20:36:40 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/01/15 18:14:21 | 000,001,262 | ---- | C] () -- C:\Users\Becky\Desktop\Free YouTube Download.lnk [2012/10/31 13:39:17 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/10/05 14:05:12 | 000,000,029 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\urhtps.dat [2012/08/20 10:05:40 | 000,000,085 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\blckdom.res [2012/04/28 15:08:46 | 000,004,831 | ---- | C] () -- C:\Users\Becky\.recently-used.xbel [2011/11/28 14:10:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/03/17 21:02:23 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011/03/17 20:56:12 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/03/17 20:56:10 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/03/17 20:56:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/03/17 07:32:56 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2011/03/17 06:03:43 | 000,001,898 | ---- | C] () -- C:\Windows\HotFixList.ini [2011/03/17 05:50:53 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/12/09 15:45:44 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\7-PDFMaker [2013/01/15 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\DVDVideoSoft [2012/05/12 18:37:48 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers [2012/04/28 15:08:46 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\gtk-2.0 [2012/08/01 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\kock [2011/09/30 16:30:48 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\OpenOffice.org [2012/12/01 18:46:45 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Origin [2011/09/21 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\PlayFirst [2013/02/06 20:24:02 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\SoftGrid Client [2012/10/31 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\TP [2012/11/27 19:35:55 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\UAs [2012/10/16 19:40:50 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\WildTangent [2013/01/14 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\xmldm ========== Purity Check ========== < End of report > |
12.02.2013, 15:54 | #12 |
/// TB-Ausbilder | Sicherheitswarnung Telekom 2 Hallo, noch ein paar Resten sind zu entfernen. Und ein paar veraltete Softwareversionen müssen noch weg, um die Gefahr für weitere Malwarebefälle zu vermindern: Schritt 1
Code:
ATTFilter :OTL [2012/08/20 10:05:40 | 000,000,085 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\blckdom.res [2012/10/05 14:05:12 | 000,000,029 | ---- | C] () -- C:\Users\Becky\AppData\Roaming\urhtps.dat [2012/08/01 11:27:31 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\kock [2012/11/27 19:35:55 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\UAs [2013/01/14 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\xmldm
Schritt 2 Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können. Die aktuelle Version ist Java 7 Update 13.
Überleg dir also, ob du eine Java-Installation wirklich brauchst. Falls du Java weiterhin verwenden möchtest, dann:
Schritt 3 Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind. Schritt 4 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
12.02.2013, 18:41 | #13 |
| Sicherheitswarnung Telekom 2Code:
ATTFilter ========== OTL ========== C:\Users\Becky\AppData\Roaming\blckdom.res moved successfully. C:\Users\Becky\AppData\Roaming\urhtps.dat moved successfully. C:\Users\Becky\AppData\Roaming\kock folder moved successfully. C:\Users\Becky\AppData\Roaming\UAs folder moved successfully. C:\Users\Becky\AppData\Roaming\xmldm folder moved successfully. OTL by OldTimer - Version 3.2.69.0 log created on 02122013_165849 Code:
ATTFilter OTL logfile created on: 2/12/2013 6:29:29 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becky\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.92 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 64.10% Memory free 7.83 Gb Paging File | 6.17 Gb Available in Paging File | 78.85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.00 Gb Total Space | 39.77 Gb Free Space | 35.83% Space Free | Partition Type: NTFS Drive D: | 164.05 Gb Total Space | 163.96 Gb Free Space | 99.94% Space Free | Partition Type: NTFS Drive E: | 6.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: CLARKY | User Name: Becky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Becky\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics) PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll () MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (prodrv04) -- C:\Windows\SysWOW64\drivers\prodrv04.sys (Protection Technology Co.) DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{AED9C3F9-278C-4B18-B116-D0960A556A3D}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/01/09 18:20:23 | 000,000,000 | ---D | M] O1 HOSTS File: ([2013/02/12 11:40:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B438F399-9079-4956-93E6-A2B6C2677C77}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/12 18:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013/02/12 18:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013/02/12 18:22:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/02/12 17:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/02/12 17:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/02/12 16:58:49 | 000,000,000 | ---D | C] -- C:\_OTL [2013/02/12 13:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/02/12 13:04:57 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Becky\Desktop\esetsmartinstaller_enu.exe [2013/02/12 12:52:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/12 11:42:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/02/12 11:31:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/02/12 11:31:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/02/12 11:31:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/02/12 11:31:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/02/12 11:31:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/02/12 11:26:57 | 005,033,736 | R--- | C] (Swearware) -- C:\Users\Becky\Desktop\ComboFix.exe [2013/02/12 11:15:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Becky\Desktop\TFC.exe [2013/02/11 16:03:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Becky\Desktop\aswMBR.exe [2013/02/09 11:10:18 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/02/08 15:07:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe [2013/02/08 13:26:45 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Malwarebytes [2013/02/08 13:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/08 13:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/08 13:26:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/08 13:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/08 13:26:22 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\Programs [2013/01/29 18:38:10 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{B3267D40-D242-4041-B260-167E0571DE48} [2013/01/25 18:40:02 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{7260DF58-DFD7-476B-AD3A-C6934509A25B} [2013/01/23 19:38:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/01/23 19:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/01/23 19:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/01/21 18:31:33 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{4A2B9C46-CBA0-4F3F-A1EE-DA334979FA8A} [2013/01/17 15:21:18 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{FF69683B-5AF7-4F29-B511-EB7D50A9DFC9} [2013/01/16 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{8AAF0588-A49F-4965-B7D7-F733C0305686} [2013/01/16 18:11:27 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Roaming\Avira [2013/01/15 20:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/01/15 20:36:28 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/01/15 20:36:28 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/01/15 20:36:28 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/01/15 20:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/01/15 20:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013/01/15 18:19:39 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{B11BEEE0-11C1-4C0B-9904-61C5FF543F86} [2013/01/15 18:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013/01/15 18:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013/01/14 18:20:59 | 000,000,000 | ---D | C] -- C:\Users\Becky\AppData\Local\{8434CCFE-BE3B-4677-8D0E-0A40A732FE62} ========== Files - Modified Within 30 Days ========== [2013/02/12 18:27:28 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/02/12 18:25:00 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/12 18:25:00 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/12 18:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/12 18:18:21 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/12 18:18:07 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/12 18:17:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/12 18:17:16 | 4204,314,624 | -HS- | M] () -- C:\hiberfil.sys [2013/02/12 14:54:21 | 000,091,208 | ---- | M] () -- C:\Users\Becky\Desktop\Screenshot ESET.PNG [2013/02/12 13:10:15 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/12 13:10:15 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/12 13:10:15 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/12 13:10:15 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/12 13:10:15 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/12 13:04:57 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Becky\Desktop\esetsmartinstaller_enu.exe [2013/02/12 11:40:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/02/12 11:26:59 | 005,033,736 | R--- | M] (Swearware) -- C:\Users\Becky\Desktop\ComboFix.exe [2013/02/12 11:15:32 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\TFC.exe [2013/02/11 16:31:43 | 000,000,537 | ---- | M] () -- C:\Users\Becky\Desktop\MBR.zip [2013/02/11 16:28:01 | 000,000,512 | ---- | M] () -- C:\Users\Becky\Desktop\MBR.dat [2013/02/11 16:05:01 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Becky\Desktop\aswMBR.exe [2013/02/11 11:27:19 | 000,365,568 | ---- | M] () -- C:\Users\Becky\Desktop\xvr1i2vm.exe [2013/02/08 15:07:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe [2013/02/08 13:26:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/06 20:23:29 | 000,079,427 | ---- | M] () -- C:\Users\Becky\Documents\Smallville Fanfiction.odt [2013/01/29 18:51:18 | 000,009,874 | ---- | M] () -- C:\Users\Becky\Documents\Lois and clark their love.wlmp [2013/01/23 19:38:15 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/01/15 20:36:40 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/01/15 18:14:21 | 000,001,262 | ---- | M] () -- C:\Users\Becky\Desktop\Free YouTube Download.lnk ========== Files Created - No Company Name ========== [2013/02/12 18:27:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/02/12 18:27:28 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/02/12 14:54:21 | 000,091,208 | ---- | C] () -- C:\Users\Becky\Desktop\Screenshot ESET.PNG [2013/02/12 11:31:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/02/12 11:31:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/02/12 11:31:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/02/12 11:31:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/02/12 11:31:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/02/11 16:31:43 | 000,000,537 | ---- | C] () -- C:\Users\Becky\Desktop\MBR.zip [2013/02/11 16:28:01 | 000,000,512 | ---- | C] () -- C:\Users\Becky\Desktop\MBR.dat [2013/02/11 11:27:19 | 000,365,568 | ---- | C] () -- C:\Users\Becky\Desktop\xvr1i2vm.exe [2013/02/08 13:26:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/01/15 20:36:40 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/01/15 18:14:21 | 000,001,262 | ---- | C] () -- C:\Users\Becky\Desktop\Free YouTube Download.lnk [2012/10/31 13:39:17 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/04/28 15:08:46 | 000,004,831 | ---- | C] () -- C:\Users\Becky\.recently-used.xbel [2011/11/28 14:10:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/03/17 21:02:23 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011/03/17 20:56:12 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/03/17 20:56:10 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/03/17 20:56:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/03/17 07:32:56 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2011/03/17 06:03:43 | 000,001,898 | ---- | C] () -- C:\Windows\HotFixList.ini [2011/03/17 05:50:53 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/12/09 15:45:44 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\7-PDFMaker [2013/01/15 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\DVDVideoSoft [2012/05/12 18:37:48 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\DVDVideoSoftIEHelpers [2012/04/28 15:08:46 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\gtk-2.0 [2011/09/30 16:30:48 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\OpenOffice.org [2012/12/01 18:46:45 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\Origin [2011/09/21 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\PlayFirst [2013/02/12 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\SoftGrid Client [2012/10/31 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\TP [2012/10/16 19:40:50 | 000,000,000 | ---D | M] -- C:\Users\Becky\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report > |
12.02.2013, 20:27 | #14 |
/// TB-Ausbilder | Sicherheitswarnung Telekom 2 Hallo, auf diesem Rechner sollte jetzt keine Malware mehr sein. Da war wie schon erwähnt ein Infostealer drauf und man sollte dementsprechend reagieren. Der passt aber nicht so recht auf die Formulierung des Schreibens der Telekom. Möchtest du noch weitere Rechner untersuchen? Wir räumen jetzt hier noch auf: Schritt 1 Bitte deaktiviere jetzt temporär das Antiviren-Programm, evtl. vorhandenes Skript-Blocking und Antimalware-Programme. Drücke bitte die + R Taste, kopiere folgenden Text in das Ausführen Fenster Code:
ATTFilter Combofix /Uninstall Du kannst die eben deaktivierten Programme nun wieder einschalten. Schritt 2 Den ESET Online Scanner kannst du behalten, um ab und zu für eine Zweitmeinung dein System damit zu scannen. Falls du ESET aber deinstallieren möchtest, dann: Drücke bitte die + R Taste, kopiere folgenden Text in das Ausführen Fenster Code:
ATTFilter "%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe" Schritt 3 Downloade dir bitte delfix auf deinen Desktop.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus. Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und Software Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-Software Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im Internet Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine Hinweise Abschliessend noch ein paar grundsätzliche Bemerkungen:
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.
__________________ cheers, Leo |
15.02.2013, 14:19 | #15 |
| Sicherheitswarnung Telekom 2 Danke erstmal bis hierhin Von meiner Seite noch einmal etwas: Am Dienstag Abend, kurz vor deinem letzten Beitrag, habe ich halt Java neu installiert und alles lief reibungslos. Doch am nächsten Morgen berichtete mir meine Schwester, dass, wenn sie den Browser öffnet, einige Seiten sehr lange für den Seitenaufbau benötigen (web.de, diese Seite hier, facebook, youtube). Google und seine verschiedenen Komponenten funktionieren mit der gewohnten Geschwindigkeit und auch sonst alle Offline-Sachen. Dabei wollte ich eigentlich weitermachen und mit delfix die Progs löschen ... Womit kann das zu tun haben? Ich dachte, es wäre alles runter? Und wir haben übrigens noch einen XP-PC. Wenn das mit dem Telekom-Schreiben nicht zusammengepasst hat, wäre es vllt nicht schlecht, den auch noch überprüfen zu lassen. Ach so, an unserer Leitung kann es nicht liegen, die beiden anderen PCs sind so schnell wie immer |
Themen zu Sicherheitswarnung Telekom 2 |
antivir, autorun, bho, bingbar, browser, converter, diner dash, exp/java.ternub.gen, firefox, flash player, html/dldr.dawn.v, iexplore.exe, install.exe, installation, microsoft office starter 2010, ntdll.dll, origin, plug-in, problem, programm, realtek, registry, siteadvisor, software, svchost.exe, symantec, tr/crypt.epack.gen2, tr/spy.bafi.1, tr/spy.banker.eb.4, tr/spy.banker.gen8, tr/spy.banker.yh, trojan.banker, wildtangent games |