| |
| |||||||
Log-Analyse und Auswertung: Trojaner Yontoo html/expkit.gen3Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
21.03.2013, 18:16
| #1 |
| |  Trojaner Yontoo html/expkit.gen3 Liebes Trojaner-Board Team, ich habe mir vor kurzem den Trojaner oder Virus html/expkit.gen3 eingefangen. Ich wollte einen Treiber aus dem Internet runterladen und war wohl auf einer nicht seriösen Seite. Zu meiner Schande nutzte ich Avira Antivir. Als ich den "Treiber" installieren wollte, wurde ein Avira Antivir Setup Fenster geöffnet, was mir schon komisch vor kam. Der Trojaner hatte wohl schon ganze Arbeit geleistet. Ich habe keine Logs erstellt, da ich danach aus Angst mein System neu aufgesetzt habe. Neu aufgesetzt habe ich mit der Recovery Partition auf dem Rechner. Wo ich auch nicht sicher sein konnte, dass diese nicht auch infiziert ist. Ich habe nun McAfee und habe immer noch Angst, dass mein System nicht sauber ist. Als kleines Beispiel: Wenn ich mit dem Internet Explorer mit Bing nach Avira Antivir suche, kommt eine Seite, die ebenfalls nicht seriös ist. (möchte sie nicht posten) Wenn man Antivir dort runterladen möchte, wird folgendes angezeigt -> antivir yontoo. Unter dem Namen Yontoo habe ich schon einiges gelesen....Dieser Trojaner soll wohl teilweise die Programme umschreiben, sowie auf andere Internetseiten führen. Ich habe die Logs von Malwarebytes erstellt.. Ich hoffe ihr könnt mir noch helfen, mein System wieder sauber zu bekommen. Vielen Dank schon mal im Voraus! Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.21.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 Vanessa :: VANESSA-PC [Administrator] Schutz: Aktiviert 21.03.2013 18:11:12 mbam-log-2013-03-21 (18-11-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 206369 Laufzeit: 1 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 21.03.2013 18:40:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vanessa\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,98 Gb Total Physical Memory | 9,56 Gb Available Physical Memory | 79,76% Memory free 23,96 Gb Paging File | 21,62 Gb Available in Paging File | 90,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 300,01 Gb Total Space | 211,65 Gb Free Space | 70,55% Space Free | Partition Type: NTFS Drive D: | 59,62 Gb Total Space | 59,53 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive E: | 617,40 Gb Total Space | 614,78 Gb Free Space | 99,58% Space Free | Partition Type: NTFS Drive L: | 465,65 Gb Total Space | 48,69 Gb Free Space | 10,46% Space Free | Partition Type: FAT32 Computer Name: VANESSA-PC | User Name: Vanessa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.03.21 18:20:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vanessa\Desktop\OTL.exe PRC - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2011.03.23 23:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.01.31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.11.24 12:08:06 | 000,021,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe PRC - [2010.09.28 03:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe PRC - [2010.09.18 00:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.09.18 00:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013.02.19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013.02.19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2013.03.20 19:03:48 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate) SRV - [2013.03.07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.25 23:05:10 | 000,384,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS) SRV - [2013.02.19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp) SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011.03.23 23:20:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.01.31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2010.11.24 12:08:06 | 000,021,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) SRV - [2010.09.28 02:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 22:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013.02.19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013.02.19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2013.02.19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013.02.19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013.02.19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013.02.19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.30 23:09:34 | 000,358,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011.06.30 07:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.06.30 07:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.03.23 16:02:22 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011.03.23 16:02:22 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011.03.23 16:02:22 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.08.18 00:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) DRV:64bit: - [2010.06.09 10:00:14 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.11.16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2010.09.15 14:30:50 | 000,034,304 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -- (IOCBIOS) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {091D5C7E-14F6-4490-BDFE-5EF8EB293B02} IE - HKCU\..\SearchScopes\{091D5C7E-14F6-4490-BDFE-5EF8EB293B02}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.03.20 17:21:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.20 17:17:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.03.19 23:34:28 | 000,000,000 | ---D | M] [2013.03.20 17:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Extensions [2013.03.21 18:01:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\igfvk60f.default\extensions [2013.03.21 18:01:21 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\igfvk60f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.20 17:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57CBE84E-95BE-4789-82B8-6D1E8882D70F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4641DD4-0E76-4AFA-B98C-973714B92841}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2013.03.21 18:20:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vanessa\Desktop\OTL.exe [2013.03.21 17:52:07 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\Malwarebytes [2013.03.21 17:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.21 17:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.21 17:51:50 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.21 17:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.21 17:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.03.21 17:49:28 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013.03.21 17:49:28 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013.03.21 17:49:28 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013.03.21 17:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.03.21 17:49:19 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\TuneUp Software [2013.03.21 17:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2013.03.21 17:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.03.21 17:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop [2013.03.21 17:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.21 17:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.21 17:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.21 17:19:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.21 17:19:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.03.20 22:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Riot Games [2013.03.20 21:12:45 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\PMB Files [2013.03.20 21:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013.03.20 21:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.03.20 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\.swt [2013.03.20 19:30:00 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\Macromedia [2013.03.20 19:00:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.03.20 18:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.03.20 18:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.03.20 18:27:40 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.03.20 18:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.03.20 18:27:31 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\Programs [2013.03.20 18:20:06 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\Documents\CyberLink [2013.03.20 18:20:02 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\Cyberlink [2013.03.20 18:19:55 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\PowerCinema [2013.03.20 18:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2013.03.20 18:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2013.03.20 18:17:27 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\Documents\Guild Wars 2 [2013.03.20 18:05:46 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\{BF77CF68-5E4C-4267-A61E-C023C325D754} [2013.03.20 18:04:55 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\Windows Live Writer [2013.03.20 18:04:55 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\Windows Live Writer [2013.03.20 18:03:51 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\TS3Client [2013.03.20 18:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.03.20 18:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.03.20 17:17:38 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\Mozilla [2013.03.20 17:17:38 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\Mozilla [2013.03.20 17:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.03.20 17:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.20 17:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.20 05:07:16 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2013.03.20 05:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2013.03.20 05:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE [2013.03.20 05:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2013.03.20 05:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2013.03.20 05:07:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2013.03.20 05:07:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2013.03.20 05:07:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2013.03.20 05:06:45 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.03.20 05:06:45 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.03.20 05:06:45 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.03.20 05:06:45 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.03.20 05:04:33 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log [2013.03.20 00:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.03.19 23:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.03.19 23:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\clear.fi [2013.03.19 23:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2013.03.19 23:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2013.03.19 23:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2013.03.19 23:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2013.03.19 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2013.03.19 22:48:15 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys [2013.03.19 22:24:19 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\Adobe [2013.03.19 21:02:02 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\Intel Corporation [2013.03.19 21:02:01 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\OEM [2013.03.19 21:02:01 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\EgisTec IPS [2013.03.19 21:02:00 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\Macromedia [2013.03.19 21:01:50 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.19 21:01:50 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Searches [2013.03.19 21:01:50 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.19 21:01:44 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\Identities [2013.03.19 21:01:42 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Contacts [2013.03.19 21:00:33 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\CyberLink [2013.03.19 21:00:32 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\Acer [2013.03.19 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\PowerCinema [2013.03.19 21:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Accessory Store [2013.03.19 21:00:11 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\VirtualStore [2013.03.19 21:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection [2013.03.19 21:00:00 | 000,000,000 | --SD | C] -- C:\Users\Vanessa\AppData\Roaming\Microsoft [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Videos [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Saved Games [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Pictures [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Music [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Links [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Favorites [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Downloads [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Documents [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\Desktop [2013.03.19 21:00:00 | 000,000,000 | R--D | C] -- C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Vorlagen [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\AppData\Local\Verlauf [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\AppData\Local\Temporary Internet Files [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Startmenü [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\SendTo [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Recent [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Netzwerkumgebung [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Lokale Einstellungen [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Documents\Eigene Videos [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Documents\Eigene Musik [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Eigene Dateien [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Documents\Eigene Bilder [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Druckumgebung [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Cookies [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\AppData\Local\Anwendungsdaten [2013.03.19 21:00:00 | 000,000,000 | -HSD | C] -- C:\Users\Vanessa\Anwendungsdaten [2013.03.19 21:00:00 | 000,000,000 | -H-D | C] -- C:\Users\Vanessa\AppData [2013.03.19 21:00:00 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\Temp [2013.03.19 21:00:00 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Local\Microsoft [2013.03.19 21:00:00 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\Media Center Programs [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.19 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.19 20:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Extreme Tuning Utility [2013.03.19 20:37:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64 [2013.03.19 20:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013.03.19 20:36:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel [2013.03.19 20:31:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi [2013.03.19 20:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink [2013.03.19 20:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.03.19 20:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.03.19 20:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.03.19 20:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.03.19 20:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.03.19 20:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology [2013.03.19 20:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec [2013.03.19 20:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem [2013.03.19 20:19:53 | 000,000,000 | ---D | C] -- C:\book [2013.03.19 20:19:37 | 000,054,784 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys [2013.03.19 20:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.03.19 20:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.03.19 20:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.03.19 20:16:21 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.03.19 20:16:21 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.03.19 20:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.03.19 20:13:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.03.19 20:10:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2013.03.21 18:24:18 | 000,377,856 | ---- | M] () -- C:\Users\Vanessa\Desktop\gmer_2.1.19155.exe [2013.03.21 18:20:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vanessa\Desktop\OTL.exe [2013.03.21 18:20:23 | 000,000,000 | ---- | M] () -- C:\Users\Vanessa\defogger_reenable [2013.03.21 18:19:27 | 000,050,477 | ---- | M] () -- C:\Users\Vanessa\Desktop\Defogger.exe [2013.03.21 18:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.21 17:53:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.21 17:53:35 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.21 17:53:35 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.21 17:53:35 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.21 17:53:35 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.21 17:51:54 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.21 17:49:51 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk [2013.03.21 17:49:27 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.03.21 17:49:27 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.03.21 17:41:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 17:41:36 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 17:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.21 17:34:12 | 1059,561,470 | -HS- | M] () -- C:\hiberfil.sys [2013.03.20 22:49:02 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2013.03.20 18:27:44 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.03.20 18:18:40 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2013.03.20 18:03:05 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.03.20 17:17:29 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.20 05:07:10 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2013.03.20 05:07:10 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2013.03.20 05:06:45 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.03.20 05:06:45 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.03.20 05:06:45 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.03.20 05:06:45 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.03.20 05:04:32 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag [2013.03.19 23:46:15 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.19 23:46:15 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.19 23:35:54 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2013.03.19 23:34:52 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.19 23:30:29 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2013.03.19 21:00:17 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\Online kaufen.lnk [2013.03.19 20:59:50 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.03.19 20:59:50 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.03.19 20:37:03 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Intel Extreme Tuning Utility.lnk [2013.03.19 20:37:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf [2013.03.19 20:33:17 | 000,000,017 | ---- | M] () -- C:\Windows\ClearFi.tag [2013.03.19 20:31:41 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\clear.fi.lnk ========== Files Created - No Company Name ========== [2013.03.21 18:24:17 | 000,377,856 | ---- | C] () -- C:\Users\Vanessa\Desktop\gmer_2.1.19155.exe [2013.03.21 18:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Vanessa\defogger_reenable [2013.03.21 18:19:27 | 000,050,477 | ---- | C] () -- C:\Users\Vanessa\Desktop\Defogger.exe [2013.03.21 17:51:54 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.21 17:49:27 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.03.21 17:49:27 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.03.21 17:49:26 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.03.20 22:49:02 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2013.03.20 19:00:38 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.20 18:27:44 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.03.20 18:27:44 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.03.20 18:18:40 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2013.03.20 18:03:05 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.03.20 17:17:29 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.20 17:17:29 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.20 05:09:29 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag [2013.03.20 05:07:35 | 000,653,928 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2013.03.20 05:07:35 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2013.03.20 05:07:35 | 000,129,800 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2013.03.20 05:07:35 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2013.03.19 23:46:15 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.19 23:46:15 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.19 23:35:54 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2013.03.19 23:30:27 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2013.03.19 23:19:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.03.19 23:12:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.03.19 21:01:51 | 000,001,425 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.19 21:00:34 | 000,001,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fooz Kids.lnk [2013.03.19 21:00:17 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\Online kaufen.lnk [2013.03.19 20:38:36 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2013.03.19 20:37:03 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Intel Extreme Tuning Utility.lnk [2013.03.19 20:37:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf [2013.03.19 20:33:17 | 000,000,017 | ---- | C] () -- C:\Windows\ClearFi.tag [2013.03.19 20:31:41 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\clear.fi.lnk [2013.03.19 20:29:57 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk [2013.03.19 20:25:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2013.03.19 20:16:21 | 000,007,621 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.03.19 20:10:55 | 1059,561,470 | -HS- | C] () -- C:\hiberfil.sys [2011.03.23 15:25:59 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.19 21:02:01 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\OEM [2013.03.20 18:20:06 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\PowerCinema [2013.03.20 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\TS3Client [2013.03.21 17:49:19 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\TuneUp Software [2013.03.20 18:04:55 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.03.2013 18:40:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vanessa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
11,98 Gb Total Physical Memory | 9,56 Gb Available Physical Memory | 79,76% Memory free
23,96 Gb Paging File | 21,62 Gb Available in Paging File | 90,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,01 Gb Total Space | 211,65 Gb Free Space | 70,55% Space Free | Partition Type: NTFS
Drive D: | 59,62 Gb Total Space | 59,53 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive E: | 617,40 Gb Total Space | 614,78 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
Drive L: | 465,65 Gb Total Space | 48,69 Gb Free Space | 10,46% Space Free | Partition Type: FAT32
Computer Name: VANESSA-PC | User Name: Vanessa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049E15B8-FFB2-4AD0-922B-D6B5E172ECEF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0858250D-5768-4DD5-9CA0-DD1146F9387E}" = lport=139 | protocol=6 | dir=in | app=system |
"{0D077609-CAD1-41C0-805B-99D8AD8034F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{16AE85E0-D664-4D55-9919-147D379C8430}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1BD6E230-155D-4B6E-909D-DCCCCEFC6B4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{239CA495-833C-4214-BC85-FFE58A17FA43}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FA8A2EA-CC68-4B78-86F1-EF25B7910E8C}" = rport=138 | protocol=17 | dir=out | app=system |
"{35128809-CE18-4BCB-B68A-6086B2810D8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3A4E88B6-3523-46D7-835D-A93306A21E02}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E20B1BF-191B-45B5-B0A3-F56A95ABBFC1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{41884B93-4F5D-4366-8F37-13B6B14C474C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{47006CE2-37FD-4ACE-8F49-DFA890C32DF8}" = lport=138 | protocol=17 | dir=in | app=system |
"{762EBB82-C8A8-4C48-822A-8BA0146D3CED}" = lport=137 | protocol=17 | dir=in | app=system |
"{86BCD9BD-972B-4A13-9449-9C6DC2DD0357}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{913AF3A5-89FB-42C0-A78F-B75261D594D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{946CC9CC-5F5F-4361-ACF1-A298208FF208}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{96DFB14F-459A-4160-A574-EA65B4D49D43}" = rport=137 | protocol=17 | dir=out | app=system |
"{B59153D5-5982-4F4C-9184-6C0462402863}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B5DF2024-4203-4ECD-9DC6-3DC2E7E0AF71}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D28FDB4D-753F-4B49-81F7-00525D2E04F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DAEAD22F-37C1-4D22-B8AE-9723F1137997}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E642A20C-848E-4D6E-8C20-1F3F74927683}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F90044AD-8996-426B-84AE-E306470D986C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{167B85FD-43BB-4C22-A0C7-3DC9EBAA726C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B61203B-72DF-493E-AAF8-4D6A23802ECE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2D5C6618-69A5-40C9-B5E8-8845C3FD321E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2E5F824D-4BC4-4320-99DE-3DE8FD6E82DA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3458A574-26D0-41A3-AFB8-03161ABAF833}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{45CB1A07-04AA-45E3-BDED-35EE867B60D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4C6F700A-B79A-41A9-A16C-4536F6D5A369}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E567672-17FE-49C8-B082-58D8262D2D5B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{50D0E581-CFA3-4715-AB1B-A3B8843386E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52794822-C5EF-470A-904A-659D116C1D3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{528575EC-4138-4B26-B8C4-8A74E5D1D8DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{58224E51-DB55-4F0E-984D-E3DB260F7850}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{58B7AC04-D21D-4056-9A4C-08AA46620189}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{591688B0-F238-4A80-BA55-81DE1F59BA9B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6D5BFD49-A73A-456F-951D-8BEAFF1BDA20}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{711F20CA-9CC0-41A2-8FCD-E78B56353B6B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{71475CA5-3EC2-4846-95C3-8171DB6C2AA4}" = protocol=6 | dir=out | app=system |
"{725B6D7B-3F1D-4400-984A-A243E9970299}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7A967B31-A2B6-4C9D-994E-842B52999792}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BB3C49C-9460-4074-ACDE-7AB0EB15F13F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{7C5E3A49-2F87-40F0-8566-6C16E2D863C0}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{850BA2E3-4830-4982-98DB-8072B15E82A8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{87C75789-9C00-4EB1-B02F-88B139DF6777}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{8B695B14-880A-49CC-AF51-79223710666D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{904EB1B9-3B90-40C2-BD54-4B19499AB1D3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{95FAF421-C3B3-44CC-936A-2FCCE769A976}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97B75BCA-4221-4800-8D71-666DE5314AD9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9D4D3741-0463-40E4-9FD1-2FCD7C90F650}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FAE3C14-24CB-4F17-99AE-087F8EB3CAE9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A2A395F8-2AFA-47F9-B5C0-20A8E9FB4319}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{AAF0262F-3A5E-4E95-BDD0-F38007B76067}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{AD00307C-52BA-4479-965F-7A1391A8BEAD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{B41079A1-D68F-4A5B-97D7-AA56D02A045F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C36DEDA7-9236-40EC-9CE7-FADD76E64E95}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBD466F3-7B37-421E-9D76-92C5991005D2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD666324-6DEB-41E5-BE25-90EE418E9BC3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D43AD950-FBAB-406A-9844-A007504B5538}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E4DEF237-AC67-46C4-9E96-8A5948A6E6BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6F3A4BB-1C10-4D29-B7A1-F9A59AD9E802}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EC353129-5B6F-4DEC-9EFD-6F19DC3F8EDB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F6EC9D3D-6D50-4ACA-B0F9-311BB8A29096}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SMBus" = Intel(R) SMBus
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility 2.1.408.41
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Guild Wars 2" = Guild Wars 2
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.03.2013 18:49:34 | Computer Name = Vanessa-PC | Source = MsiInstaller | ID = 11935
Description =
Error - 19.03.2013 18:49:59 | Computer Name = Vanessa-PC | Source = MsiInstaller | ID = 11935
Description =
Error - 19.03.2013 18:53:48 | Computer Name = Vanessa-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.03.2013 19:00:24 | Computer Name = Vanessa-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.03.2013 19:07:05 | Computer Name = Vanessa-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.03.2013 19:48:43 | Computer Name = Vanessa-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 20.03.2013 12:15:39 | Computer Name = Vanessa-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.03.2013 12:07:48 | Computer Name = Vanessa-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.03.2013 12:27:56 | Computer Name = Vanessa-PC | Source = MsiInstaller | ID = 11935
Description =
Error - 21.03.2013 12:34:20 | Computer Name = Vanessa-PC | Source = WinMgmt | ID = 10
Description =
[ Spybot - Search and Destroy Events ]
Error - 20.03.2013 13:43:53 | Computer Name = Vanessa-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 19.03.2013 17:47:30 | Computer Name = Vanessa-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Boot Delay Start Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1083
Error - 19.03.2013 18:19:23 | Computer Name = Vanessa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft XML Core Services
4.0 Service Pack 2 für x64-Systeme (KB954430)
Error - 19.03.2013 18:21:45 | Computer Name = Vanessa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Update für Microsoft XML Core Services 4.0 Service
Pack 2 für x64-basierte Systeme (KB973688)
Error - 19.03.2013 18:33:20 | Computer Name = Vanessa-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "GREGService" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 19.03.2013 18:33:21 | Computer Name = Vanessa-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Live Updater Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 19.03.2013 18:33:21 | Computer Name = Vanessa-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 19.03.2013 18:33:23 | Computer Name = Vanessa-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 19.03.2013 18:33:23 | Computer Name = Vanessa-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
< End of report >
Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-21 18:48:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 ST310005 rev.JC45 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Vanessa\AppData\Local\Temp\fxliifow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000759a1465 2 bytes [9A, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000759a14bb 2 bytes [9A, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759a1465 2 bytes [9A, 75]
.text C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759a14bb 2 bytes [9A, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759a1465 2 bytes [9A, 75]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759a14bb 2 bytes [9A, 75]
.text ... * 2
.text C:\Windows\system32\taskeng.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759a1465 2 bytes [9A, 75]
.text C:\Windows\system32\taskeng.exe[6988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759a14bb 2 bytes [9A, 75]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Users\Vanessa\Downloads\Defogger.exe (*** suspicious ***) @ C:\Users\Vanessa\Downloads\Defogger.exe [6988] 0000000000400000
---- EOF - GMER 2.1 ----
Geändert von vanessawa (21.03.2013 um 18:52 Uhr) Grund: Neue Logs hinzugefügt |
|
21.03.2013, 19:44
| #2 |
| /// TB-Ausbilder  | Trojaner Yontoo html/expkit.gen3 Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.  Bitte Lesen: Regeln für die Bereinigung Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Gelesen und verstanden? Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Deinstallation von Programmen
Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3: Temporäre Dateien löschen mit TFC
Schritt 4: Scan mit DDS+ (mit attach) Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.
__________________ |
|
22.03.2013, 19:22
| #3 |
| | Trojaner Yontoo html/expkit.gen3 Vielen Dank für deine schnelle Hilfe.
__________________Schritt 1 : Habe alle Programme deinstalliert, die auf der Liste standen. (Allerdings habe ich nun kein Antivirus-Programm) Schritt 2: LOG AdwCleaner Code:
ATTFilter # AdwCleaner v2.115 - Datei am 22/03/2013 um 19:11:15 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Vanessa - VANESSA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Vanessa\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\igfvk60f.default\prefs.js
C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\igfvk60f.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [835 octets] - [22/03/2013 19:11:15]
########## EOF - C:\AdwCleaner[S1].txt - [894 octets] ##########
Schritt 4: LOG DDS+ DDS DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by Vanessa at 19:15:32 on 2013-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.12270.10578 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{57CBE84E-95BE-4789-82B8-6D1E8882D70F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C4641DD4-0E76-4AFA-B98C-973714B92841} : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\igfvk60f.default\
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-21 18:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\igfvk60f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-3-23 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-3-23 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-3-23 62584]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-23 13336]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2010-9-15 34304]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-3-23 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-23 378472]
R2 XTUService;Intel(R) Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-3-19 54784]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-7 77696]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-19 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-19 30208]
S3 WSDScan;WSD-Scanunterstützung durch UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-03-21 20:42:15 -------- d-----w- C:\ProgramData\Canon IJ Network Tool
2013-03-21 20:42:15 -------- d-----w- C:\Program Files (x86)\Canon
2013-03-21 20:42:13 303104 ----a-w- C:\Windows\SysWow64\CNC560L.dll
2013-03-21 20:42:13 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2013-03-21 20:42:13 106496 ----a-w- C:\Windows\SysWow64\CNC560U.dll
2013-03-21 20:41:46 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL
2013-03-21 20:41:46 366592 ----a-w- C:\Windows\SysWow64\CNMNPPM.DLL
2013-03-21 20:41:46 359936 ----a-w- C:\Windows\System32\CNMN6PPM.DLL
2013-03-21 20:41:46 -------- d-----w- C:\Windows\System32\STRING
2013-03-21 20:41:29 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA0.DLL
2013-03-21 20:41:29 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA0.DLL
2013-03-21 20:41:07 336896 ----a-w- C:\Windows\System32\CNMLMA0.DLL
2013-03-21 20:41:05 244736 ----a-w- C:\Windows\System32\CNMIUA0.DLL
2013-03-21 18:12:34 -------- d-----w- C:\Users\Vanessa\AppData\Local\{3906C75A-D971-4EBC-810D-9CE3C3994477}
2013-03-21 16:52:07 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\Malwarebytes
2013-03-21 16:51:51 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-21 16:49:19 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\TuneUp Software
2013-03-21 16:49:06 -------- d-----w- C:\ProgramData\TuneUp Software
2013-03-21 16:19:38 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-21 16:19:38 -------- d--h--w- C:\ProgramData\Common Files
2013-03-20 21:49:02 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2013-03-20 21:49:02 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2013-03-20 21:49:02 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-03-20 21:49:02 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-03-20 21:49:02 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-03-20 21:45:34 -------- d-----w- C:\Program Files (x86)\Riot Games
2013-03-20 20:12:45 -------- d-----w- C:\Users\Vanessa\AppData\Local\PMB Files
2013-03-20 20:12:44 -------- d-----w- C:\ProgramData\PMB Files
2013-03-20 20:12:38 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-03-20 20:12:27 -------- d-----w- C:\Users\Vanessa\.swt
2013-03-20 18:30:00 -------- d-----w- C:\Users\Vanessa\AppData\Local\Macromedia
2013-03-20 18:00:38 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-20 18:00:38 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-20 17:27:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-03-20 17:27:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-20 17:27:31 -------- d-----w- C:\Users\Vanessa\AppData\Local\Programs
2013-03-20 17:20:02 -------- d-----w- C:\Users\Vanessa\AppData\Local\Cyberlink
2013-03-20 17:19:55 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\PowerCinema
2013-03-20 17:18:39 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
2013-03-20 17:05:46 -------- d-----w- C:\Users\Vanessa\AppData\Local\{BF77CF68-5E4C-4267-A61E-C023C325D754}
2013-03-20 17:04:55 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\Windows Live Writer
2013-03-20 17:04:55 -------- d-----w- C:\Users\Vanessa\AppData\Local\Windows Live Writer
2013-03-20 17:03:51 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\TS3Client
2013-03-20 17:03:04 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2013-03-20 04:07:16 -------- d-----w- C:\Windows\de-DE
2013-03-20 04:07:15 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2013-03-20 04:07:15 -------- d-----w- C:\Windows\SysWow64\wbem\de-DE
2013-03-20 04:07:15 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\de-DE
2013-03-20 04:07:15 -------- d-----w- C:\Windows\SysWow64\drivers\de-DE
2013-03-20 04:07:15 -------- d-----w- C:\Windows\SysWow64\de
2013-03-20 04:07:15 -------- d-----w- C:\Windows\SysWow64\0407
2013-03-20 04:07:14 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2013-03-20 04:07:14 -------- d-----w- C:\Windows\System32\drivers\de-DE
2013-03-20 04:07:14 -------- d-----w- C:\Windows\System32\0407
2013-03-20 04:07:13 -------- d-----w- C:\Windows\System32\wbem\de-DE
2013-03-20 04:07:13 -------- d-----w- C:\Windows\System32\de
2013-03-20 04:07:02 2048 ----a-w- C:\Windows\System32\drivers\de-DE\usbrpm.sys.mui
2013-03-20 04:04:33 -------- d-----w- C:\Windows\NAPP_Dism_Log
2013-03-19 23:03:53 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-03-19 22:55:31 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-03-19 22:55:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-03-19 22:55:31 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-03-19 22:55:30 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-03-19 22:55:30 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-03-19 22:55:30 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-03-19 22:55:30 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-03-19 22:55:28 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-03-19 22:55:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-03-19 22:45:42 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 22:43:38 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-19 22:36:31 -------- d-----w- C:\ProgramData\clear.fi
2013-03-19 22:32:42 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2013-03-19 22:32:41 -------- d-----w- C:\Windows\System32\wbem\en-US
2013-03-19 22:30:27 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-03-19 22:30:27 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2013-03-19 22:30:27 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-03-19 22:29:42 -------- d-----w- C:\ProgramData\Battle.net
2013-03-19 22:19:58 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-03-19 22:19:58 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-03-19 22:19:58 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-03-19 22:19:58 2560 ----a-w- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2013-03-19 22:16:19 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-03-19 22:13:09 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-03-19 22:13:09 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-03-19 22:13:09 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-03-19 22:13:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-03-19 22:13:09 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-03-19 22:13:09 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-03-19 22:12:50 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-03-19 22:12:50 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-03-19 22:12:50 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-03-19 22:12:50 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-03-19 22:12:50 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-03-19 22:12:50 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-03-19 22:12:50 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-03-19 22:12:04 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-03-19 22:12:04 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-03-19 22:12:04 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-03-19 22:12:03 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-03-19 22:12:03 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-03-19 22:09:56 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-03-19 22:08:58 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-03-19 22:06:39 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-03-19 22:05:32 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-19 22:04:47 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-03-19 22:03:34 3216384 ----a-w- C:\Windows\System32\msi.dll
2013-03-19 22:03:34 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2013-03-19 22:03:33 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-03-19 22:03:33 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-03-19 22:03:32 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-03-19 22:03:31 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-03-19 22:03:30 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-03-19 22:03:30 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-03-19 22:01:54 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-03-19 21:59:28 77312 ----a-w- C:\Windows\System32\packager.dll
2013-03-19 21:59:28 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-03-19 21:58:21 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-03-19 21:58:21 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-03-19 21:58:21 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-03-19 21:52:36 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-03-19 21:52:29 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-03-19 21:52:23 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-03-19 21:52:23 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-03-19 20:02:02 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\Intel Corporation
2013-03-19 20:02:01 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\OEM
2013-03-19 20:02:01 -------- d-----w- C:\Users\Vanessa\AppData\Local\EgisTec IPS
2013-03-19 19:59:55 -------- d-sh--we C:\Programme
2013-03-19 19:59:55 -------- d-sh--we C:\ProgramData\Vorlagen
2013-03-19 19:59:55 -------- d-sh--we C:\ProgramData\Startmenü
2013-03-19 19:59:55 -------- d-sh--we C:\ProgramData\Favoriten
2013-03-19 19:59:55 -------- d-sh--we C:\ProgramData\Dokumente
2013-03-19 19:59:55 -------- d-sh--we C:\ProgramData\Anwendungsdaten
2013-03-19 19:59:55 -------- d-sh--we C:\Program Files\Gemeinsame Dateien
2013-03-19 19:59:55 -------- d-sh--we C:\Dokumente und Einstellungen
2013-03-19 19:59:55 -------- d-sh--w- C:\Recovery
2013-03-19 19:37:00 -------- d-----w- C:\Windows\SysWow64\x64
2013-03-19 19:36:59 970752 ----a-w- C:\Windows\SysWow64\ismbun.exe
2013-03-19 19:36:56 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-03-19 19:25:15 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-03-19 19:20:03 -------- d-----w- C:\Program Files (x86)\Etron Technology
2013-03-19 19:19:57 -------- d-----w- C:\ProgramData\EgisTec
2013-03-19 19:19:53 -------- d---a-w- C:\book
2013-03-19 19:19:37 54784 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys
2013-03-19 19:17:02 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
.
==================== Find3M ====================
.
2013-03-20 04:06:49 2560 ----a-w- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2013-03-20 04:06:41 5632 ----a-w- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2013-03-20 04:06:41 2560 ----a-w- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2013-03-20 04:06:36 51712 ----a-w- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2013-03-20 04:06:35 29696 ----a-w- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
2013-03-20 04:06:35 16896 ----a-w- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
2013-03-19 22:45:42 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-18 08:22:18 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-02-18 08:22:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-02-18 08:22:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 19:16:03,74 ===============
--- --- --- Attach Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 19.03.2013 20:59:57
System Uptime: 22.03.2013 19:12:14 (0 hours ago)
.
Motherboard: Acer | | Predator G5910
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 300 GiB total, 211,679 GiB free.
D: is FIXED (NTFS) - 60 GiB total, 59,535 GiB free.
E: is FIXED (NTFS) - 617 GiB total, 614,78 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (FAT32) - 466 GiB total, 48,686 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP12: 20.03.2013 22:45:39 - Installiert League of Legends
RP13: 21.03.2013 17:15:50 - Windows Update
RP14: 21.03.2013 17:46:19 - Windows Update
RP15: 21.03.2013 17:49:06 - TuneUp Utilities 2013 wird installiert
RP17: 21.03.2013 21:09:31 - TuneUp Utilities 2013 wird entfernt
RP18: 21.03.2013 21:10:00 - TuneUp Utilities Language Pack (de-DE) wird entfernt
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
clear.fi
clear.fi Client
D3DX10
Etron USB3.0 Host Controller
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Guild Wars 2
Hotkey Utility
Identity Card
Intel Extreme Tuning Utility 2.1.408.41
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) SMBus
Intel® Watchdog Timer Driver (Intel® WDT)
Junk Mail filter update
League of Legends
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0.2 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NVIDIA Grafiktreiber 267.85
NVIDIA HD-Audiotreiber 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 267.85
Pando Media Booster
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Shared C Run-time for x64
Shredder
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Welcome Center
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
World of Warcraft
.
==== End Of File ===========================
|
|
22.03.2013, 20:46
| #4 |
| /// TB-Ausbilder | Trojaner Yontoo html/expkit.gen3 Sieht sauber aus. Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!  Schritt 2: Scan mit SecurityCheck Downloade Dir bitte  SecurityCheck und:
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
22.03.2013, 21:51
| #5 |
| | Trojaner Yontoo html/expkit.gen3 Schritt 1 ESET Log Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c9aabe8b1d99a7409a4ed742f344d9c1
# engine=13463
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-22 08:06:57
# local_time=2013-03-22 09:06:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 233981 115612667 0 0
# scanned=816
# found=0
# cleaned=0
# scan_time=133
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c9aabe8b1d99a7409a4ed742f344d9c1
# engine=13463
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-22 08:39:03
# local_time=2013-03-22 09:39:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 232307 115614593 0 0
# scanned=145953
# found=0
# cleaned=0
# scan_time=1863
Code:
ATTFilter Results of screen317's Security Check version 0.99.59
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
22.03.2013, 21:57
| #6 |
| /// TB-Ausbilder | Trojaner Yontoo html/expkit.gen3 Prima!  Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich. Schritt 1: Tools deinstallieren Die Reihenfolge ist hier entscheidend.
Schritt 2: ESET deinstallieren (Optional)
Schritt 3: Update: Adobe Reader
Probiere einen alternativen Viewer für pdf-Dokumente aus. Diese sind meist schlanker, schneller und schleusen sehr viel seltener Schädlinge ein. Mein Vorschlag:
Abschließend noch Tipps zu folgenden Themen:
Lesestoff:Systemupdates Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
Lesestoff:Softwareupdates Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:
Lesestoff:Sicherheitssoftware Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
 Lesestoff:Sicheres Surfen Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.
Damit wünsche ich dir noch viel Spaß beim Surfen im Internet ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ --> Trojaner Yontoo html/expkit.gen3 |
|
22.03.2013, 22:21
| #7 |
| | Trojaner Yontoo html/expkit.gen3 Vielen Dank für die Tipps!! Ich werde auf jeden Fall besser aufpassen. Eine Frage hätte ich noch. Bevor ich mich hier im Forum gemeldet habe, hatte ich Recovery CDS vom System erstellt. Wäre es sinnvoll vielleicht jetzt Recovery CDS vom sauberen System herzustellen? Oder kann ich mir das sparen, weil mein System bereits sauber war? Kurzum hast du verdächtiges gefunden oder habe ich mit der Formatierung bereits alles gekillt? Ich hoffe, ich habe mich verständlich ausgedrückt. |
|
22.03.2013, 22:22
| #8 |
| /// TB-Ausbilder | Trojaner Yontoo html/expkit.gen3 Normalerweise werden diese Recovery CDs von einem sauberen Image hergestellt, ich würde mir da keine gedanken machen. Schön, dass wir helfen konnten  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen Falls du noch Lob oder Kritik loswerden möchtest, dann gibt es diesen Bereich hier: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu Trojaner Yontoo html/expkit.gen3 |
| administrator, anti-malware, autostart, avira, code, dateien, explorer, folge, html/expkit.gen3, infiziert, install.exe, internet, internet explorer, internetseite, league of legends, malwarebytes, mcafee, msiinstaller, namen, neu, programme, recovery, richtlinie, safer networking, seiten, setup, spielen, suche, system, system neu, treiber, trojaner, trojaner-board, virus |
+ R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Linear-Darstellung
