| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: JS/Redirector.YJ hat meinen PC infiziert! was tun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.03.2013, 11:51
| #1 |
 |  JS/Redirector.YJ hat meinen PC infiziert! was tun? Hallo zusammen, Avira hat mir soeben folgenden Virenbefall gemeldet: JS/Redirector.YJ sowie EXP/CVE-210-0188.BL Ich habe beide Programme nun ins Quarantäneverzeichnis verschoben, aber laut google handelt es sich beim ersten Programm um einen wirklich gefährlichen Trojaner. Im Internet stoße ich nur auf englische Seiten, von denen ich ein removal-Programm herunterladen soll. Da diese Seiten mir aber auch nicht ganz geheuer erscheinen, wende ich mich an euch! Könnt ihr mir weiterhelfen und zeigen, wie ich vor allem den ersten Trojaner wieder loswerde? Sollte ich zudem alle Passwörter ändern? Bin ein wenig überfordert... Vielen Dank schon einmal für eure Antworten!! sisco |
|
30.03.2013, 17:54
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | JS/Redirector.YJ hat meinen PC infiziert! was tun? Hallo,
__________________Zitat:
 Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten.  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
02.04.2013, 09:01
| #3 |
| | JS/Redirector.YJ hat meinen PC infiziert! was tun? Hallo cosinus,
__________________vielen Dank, dass du dir mir hilfst! hier die Logs: Code:
ATTFilter Exportierte Ereignisse:
30.03.2013 11:18 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Rosi\AppData\Local\Mozilla\Firefox\Profiles\t9rle8pm.default\Cache\4\B
5\E4ED5d01'
enthielt einen Virus oder unerwünschtes Programm 'JS/Redirector.YJ' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5c4f126a.qua'
verschoben!
30.03.2013 11:18 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Rosi\AppData\Local\Mozilla\Firefox\Profiles\t9rle8pm.default\Cache\2\0
A\4313Fd01'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-0188.BL'
[exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '44c43dcc.qua'
verschoben!
sisco |
|
02.04.2013, 11:53
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS/Redirector.YJ hat meinen PC infiziert! was tun? Sind das alle Funde? Wenn ja sind das nur welche im Browsercache Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.04.2013, 16:00
| #5 |
| | JS/Redirector.YJ hat meinen PC infiziert! was tun? Hallo, ich habe nun otl laufen lassen und folgende Logs wurden erstellt: Code:
ATTFilter OTL logfile created on: 02.04.2013 16:52:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rosi\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 66,23% Memory free 7,93 Gb Paging File | 6,33 Gb Available in Paging File | 79,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,95 Gb Total Space | 277,57 Gb Free Space | 60,88% Space Free | Partition Type: NTFS Drive D: | 456,46 Gb Total Space | 229,18 Gb Free Space | 50,21% Space Free | Partition Type: NTFS Computer Name: GOERAN-PC | User Name: Rosi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rosi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3418318616-303698100-86319418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKU\S-1-5-21-3418318616-303698100-86319418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKU\S-1-5-21-3418318616-303698100-86319418-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3418318616-303698100-86319418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3418318616-303698100-86319418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: langpack-de%40firefox.mozilla.org:19.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.03.01 01:35:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2013.03.01 01:35:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 15:11:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.03.01 01:35:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 15:11:17 | 000,000,000 | ---D | M] [2013.03.01 00:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rosi\AppData\Roaming\mozilla\Extensions [2013.03.03 23:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rosi\AppData\Roaming\mozilla\Firefox\Profiles\t9rle8pm.default\extensions [2013.03.03 17:26:58 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Rosi\AppData\Roaming\mozilla\Firefox\Profiles\t9rle8pm.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.03.03 23:40:48 | 000,306,394 | ---- | M] () (No name found) -- C:\Users\Rosi\AppData\Roaming\mozilla\firefox\profiles\t9rle8pm.default\extensions\langpack-de@firefox.mozilla.org.xpi [2013.03.03 23:41:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Rosi\AppData\Roaming\mozilla\firefox\profiles\t9rle8pm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.09 15:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.09 15:11:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 02:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 02:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3418318616-303698100-86319418-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D393FBA-8CD0-4BF4-8E86-338905ED870C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hotkeyutility.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hotkeyutility.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.25 15:34:58 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.25 15:34:58 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.25 15:34:58 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.19 16:32:13 | 000,000,000 | R--D | C] -- C:\Users\Rosi\Favorites [2013.03.19 10:12:07 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.03.19 10:12:07 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.03.19 10:12:07 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.03.19 10:12:07 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.03.19 10:12:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.03.19 10:12:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.03.19 10:12:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.03.19 10:12:07 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.03.19 10:12:07 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.19 10:12:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.03.19 10:12:06 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.19 10:12:06 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.19 10:12:06 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.19 10:12:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.03.19 10:12:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.03.19 10:12:06 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.03.19 10:12:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.19 10:12:06 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.03.19 10:12:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.19 10:12:06 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.03.19 10:12:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.19 10:12:06 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.19 10:12:06 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.03.19 10:12:06 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.19 10:12:06 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.19 10:12:06 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.19 10:12:06 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.03.19 10:12:06 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.19 10:12:06 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.19 10:12:06 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.03.19 10:12:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.03.19 10:12:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.19 10:12:06 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.03.19 10:12:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.03.19 10:12:06 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.03.19 10:12:06 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.19 10:12:06 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.19 10:12:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.19 10:12:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.03.19 10:12:06 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.03.19 10:12:06 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.19 10:12:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.03.19 10:12:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.19 10:12:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.03.19 10:12:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.19 10:12:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.03.19 10:12:06 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.03.19 10:12:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.03.19 10:12:06 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.03.19 10:12:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.03.19 10:12:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.03.19 10:12:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.03.19 10:12:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.03.19 10:12:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.19 10:12:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.03.19 10:12:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.19 10:12:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.03.19 10:12:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.03.19 10:12:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.03.19 10:12:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.03.19 10:12:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.19 10:12:06 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.19 10:12:06 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.19 10:12:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.03.19 10:12:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.19 10:12:06 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.19 10:12:05 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.19 10:12:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.03.19 10:11:30 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.03.19 10:11:30 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.03.19 10:11:30 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.03.19 10:11:30 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.03.19 10:11:30 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.03.19 10:11:30 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.03.19 10:11:30 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.03.19 10:11:30 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.03.19 10:11:30 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.03.19 10:11:30 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.03.19 10:11:30 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.03.19 10:11:30 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.03.19 10:11:30 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.03.19 10:11:30 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.03.19 10:11:30 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.03.19 10:11:30 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.03.19 10:11:30 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.03.19 10:11:30 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.03.19 10:11:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.03.19 10:11:30 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.03.19 10:11:30 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.03.19 10:11:30 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.03.19 10:11:30 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.03.19 10:11:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.19 10:11:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.19 10:11:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.19 10:11:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.19 10:11:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.19 10:11:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.19 10:11:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.19 10:11:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.19 10:11:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.15 08:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.15 08:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.15 08:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.15 08:18:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.09 15:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.04 18:07:38 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Desktop\Geschichte [2013.03.04 18:07:29 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Desktop\Deutsch [2013.03.04 17:51:05 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Telefon & Internet [2013.03.04 17:50:57 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Studium [2013.03.04 17:49:17 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Desktop\Sonstiges [2013.03.04 17:49:12 | 000,000,000 | ---D | C] -- C:\Users\Rosi\schoolscout Rechnungen [2013.03.04 17:49:08 | 000,000,000 | ---D | C] -- C:\Users\Rosi\napster [2013.03.04 17:49:05 | 000,000,000 | ---D | C] -- C:\Users\Rosi\media markt, commerz finanz ipad [2013.03.04 17:49:02 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Desktop\Klassenlisten [2013.03.04 17:48:55 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Desktop\Klassenleitung [2013.03.04 17:48:49 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Kabeldeutschland [2013.03.04 17:48:47 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Inlingua [2013.03.04 17:48:45 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Grin Verlag [2013.03.04 17:48:42 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Finanzamt [2013.03.04 17:46:27 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Debeka [2013.03.04 17:46:23 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Bewerbung [2013.03.04 17:46:17 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Bafög u KfW-Bank [2013.03.04 17:46:13 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Arge [2013.03.04 17:46:10 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Allerlei [2013.03.03 23:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013.03.03 23:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.03.03 23:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.03.03 17:44:18 | 000,000,000 | R--D | C] -- C:\Users\Rosi\Desktop\Schule [2013.03.03 17:23:02 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp [2013.03.03 17:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.03.03 17:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.03.03 16:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 ========== Files - Modified Within 30 Days ========== [2013.04.02 16:52:17 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.02 16:52:17 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.02 16:49:24 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.02 16:49:24 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.02 16:49:24 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.02 16:49:24 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.02 16:49:24 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.02 16:44:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.02 16:44:47 | 3193,249,792 | -HS- | M] () -- C:\hiberfil.sys [2013.04.02 11:07:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.25 15:34:48 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.25 15:34:48 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.25 15:34:48 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.19 10:12:07 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.03.19 10:12:07 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.03.19 10:12:07 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.03.19 10:12:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.03.19 10:12:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.03.19 10:12:07 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.03.19 10:12:07 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.03.19 10:12:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.03.19 10:12:07 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.19 10:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.03.19 10:12:06 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.19 10:12:06 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.19 10:12:06 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.19 10:12:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.03.19 10:12:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.03.19 10:12:06 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.03.19 10:12:06 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.19 10:12:06 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.03.19 10:12:06 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.19 10:12:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.03.19 10:12:06 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.19 10:12:06 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.19 10:12:06 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.03.19 10:12:06 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.19 10:12:06 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.19 10:12:06 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.19 10:12:06 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.03.19 10:12:06 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.19 10:12:06 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.19 10:12:06 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.03.19 10:12:06 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.03.19 10:12:06 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.19 10:12:06 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.03.19 10:12:06 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.03.19 10:12:06 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.03.19 10:12:06 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.19 10:12:06 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.19 10:12:06 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.19 10:12:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.03.19 10:12:06 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.03.19 10:12:06 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.19 10:12:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.03.19 10:12:06 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.19 10:12:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.03.19 10:12:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.19 10:12:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.03.19 10:12:06 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.03.19 10:12:06 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.03.19 10:12:06 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.03.19 10:12:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.03.19 10:12:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.03.19 10:12:06 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.03.19 10:12:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.03.19 10:12:06 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.19 10:12:06 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.03.19 10:12:06 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.19 10:12:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.03.19 10:12:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.03.19 10:12:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.03.19 10:12:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.03.19 10:12:06 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.19 10:12:06 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.19 10:12:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.19 10:12:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.19 10:12:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.19 10:12:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.03.19 10:12:06 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.19 10:12:06 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.19 10:12:05 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.19 10:12:05 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.03.19 10:11:30 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.03.19 10:11:30 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.03.19 10:11:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.03.19 10:11:30 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.03.19 10:11:30 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.03.19 10:11:30 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.03.19 10:11:30 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.03.19 10:11:30 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.03.19 10:11:30 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.03.19 10:11:30 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.03.19 10:11:30 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.03.19 10:11:30 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.03.19 10:11:30 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.03.19 10:11:30 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.03.19 10:11:30 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.03.19 10:11:30 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.03.19 10:11:30 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.03.19 10:11:30 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.03.19 10:11:30 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.03.19 10:11:30 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.03.19 10:11:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.03.19 10:11:30 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.03.19 10:11:30 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.03.19 10:11:30 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.19 10:11:30 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.19 10:11:30 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.19 10:11:30 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.19 10:11:30 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.19 10:11:30 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.19 10:11:30 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.19 10:11:30 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.19 10:11:30 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.13 09:07:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 09:07:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.05 21:51:14 | 000,419,940 | ---- | M] () -- C:\Users\Rosi\Desktop\Erwarttungshorizont produktionsorientiertes Arbeiten.pdf [2013.03.05 21:44:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.03.03 23:47:48 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk ========== Files Created - No Company Name ========== [2013.03.19 10:12:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.19 10:12:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.05 21:51:14 | 000,419,940 | ---- | C] () -- C:\Users\Rosi\Desktop\Erwarttungshorizont produktionsorientiertes Arbeiten.pdf [2013.03.05 21:44:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.03.03 23:47:48 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.03.01 01:30:38 | 000,233,257 | ---- | C] () -- C:\Windows\hpoins47.dat.temp [2013.03.01 01:30:38 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp [2013.03.01 01:24:38 | 000,233,552 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.06.14 23:02:07 | 000,001,354 | ---- | C] () -- C:\Users\Rosi\User's Guide.lnk [2012.03.01 15:22:22 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.04.2013 16:52:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rosi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 66,23% Memory free
7,93 Gb Paging File | 6,33 Gb Available in Paging File | 79,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 277,57 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 229,18 Gb Free Space | 50,21% Space Free | Partition Type: NTFS
Computer Name: GOERAN-PC | User Name: Rosi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3418318616-303698100-86319418-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA0661C-5F2E-45EC-A38B-C0AA4D30CE2D}" = rport=137 | protocol=17 | dir=out | app=system |
"{11A37091-3CEF-48B6-8A1C-A776390B9501}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1F0871D2-E17B-479D-8B9B-196510513B80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2D71B3CA-03AA-4F7C-9659-4D1129EC6BD7}" = lport=138 | protocol=17 | dir=in | app=system |
"{3BF655C4-C6D0-40B5-9FED-91AB2E06F897}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{502948A5-EB3B-4737-B801-DE570A0809F0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{51A52B44-B01E-49B3-B930-5BBF7B0AE896}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5D4C49AB-884D-4BB0-A2C4-1A21AAC55877}" = lport=137 | protocol=17 | dir=in | app=system |
"{5F33D060-84BB-498E-9902-B67C78990A86}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6CF85C39-6932-4AF0-B5C4-9B736495DEFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79FA699D-D624-487A-8087-DF045EA118F6}" = lport=445 | protocol=6 | dir=in | app=system |
"{7D396022-8788-4FBA-B025-5B11D837784D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7E3ABCF9-9454-494B-8BD0-3ECB7A230D12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86D68EAA-1106-4350-8C46-0BF8CADF9D73}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A34E102A-0AB8-41FB-B16E-C152707748F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A417FE74-39DB-419A-AF07-754B06E6029C}" = lport=139 | protocol=6 | dir=in | app=system |
"{AC9B01D2-796F-4B8A-B1A0-148432607AA4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3AE9FBD-C07F-4B42-B8EE-4B3C1CE253D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B429DF8C-9D45-41EC-80AA-A09671623D0B}" = rport=138 | protocol=17 | dir=out | app=system |
"{DEA21B6D-CF5B-4162-B3F9-7B51BD934942}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0654247-7F8D-429D-9021-453C80910081}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1E8B17B-0627-4B96-96C1-60F1622A3416}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E81C3042-0D0B-43B2-A845-8E9EFF118803}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9525E4B-A68A-484D-B136-B519B11B7C2A}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018F03AB-3359-4A3D-A10D-B88DFCC49391}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{06E4A77E-134F-4D89-9F66-1A6E80B68229}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FA8AB7D-D00F-4B3B-99BB-F2967F97ABAD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{13A03F48-EADB-4FB7-91FD-8DB952CD4C76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{17DF91D5-CEFB-429F-9939-31EA4F27B346}" = dir=in | app=e:\setup\hpznui40.exe |
"{1940791B-A93C-4AAB-82C5-5AABB67622EE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1CEF01A6-6B35-43A3-8C12-A3904F2603A9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{209C2D34-CE00-4518-9031-3D0735840941}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2520BC17-8791-4B8C-947A-15EE42D98CF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27530172-4590-40ED-A47F-EEF0C3B90333}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{30774EC6-4AF9-49C6-BEF2-9A43CCF97405}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{30EE8891-4C8F-47DD-90A3-C4C49B452FAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4402CA14-0118-4FDC-94FA-04B4FAEF48D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{499FA8DA-76DA-4A95-8CED-E598A27FDDF7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{577A8C1B-14E4-437E-981F-D3F4A75C208C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{5837F938-2AF1-43CF-A223-CAC28BBEC586}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{5DFA7E2A-8711-41CA-851A-9387E4A16EC5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A3074B9-78CE-47FA-BCBF-8C7AFDCBBE19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{701C2918-A881-4B92-932B-572172EDD850}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{73F5A2CE-99D5-43A0-B3CA-600B8E2F8667}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75473EDD-0674-425D-86A0-4C3B8E348DE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84FF6C94-B601-450B-955A-B967F7B89EA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{854E632B-9263-49CB-8B48-B6F9A12CBAD2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{99D27920-B27E-4E39-B047-A85B5A297E08}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9E6D7861-98F9-4EA3-AAAD-6A43529D76E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9E89C057-0991-4E84-BAD1-B1EB2E974BE1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A46D09FB-5C41-45E2-94B1-A2234259A3CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AABBCF4C-F55B-483D-992B-7B9C38D5A8DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{ACE5BF5E-000A-4611-8DF1-49BBF278EF54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1E6432B-CB5A-4212-AF42-8A3D04E5CE9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8D24240-6472-4CBB-987C-47105C305D21}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BE3032A1-E487-4F58-9073-E53ADE5AE08C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{C519A0C2-209E-47BB-AE35-4FBD5BB6A64A}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{C80A85BC-8492-4264-8741-71337BAA8204}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C92AA394-90CB-4093-BD6C-9DC96490E919}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CBCBFE7B-F521-492B-8279-0DAE4E806291}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D0006376-24BF-4342-8C62-50039B36D38A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC9EF5B6-D98A-4DEC-A87B-F6364AFA5AE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{DD201BE8-6D75-43AA-815D-AE6258F71F52}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED94BE44-CB38-422B-A65B-B95F2258C989}" = protocol=6 | dir=out | app=system |
"{EE1B996C-7BE6-4547-BD01-A9D9D0602C6D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F4032B35-5A63-4B86-A7D6-8B75A03AD28E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{F6EEDA01-D138-4600-AB1A-CE964C2D7B48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{F86E4A56-E130-45EE-904E-4A21AE3B0142}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.14.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.02.2013 17:35:31 | Computer Name = Rosi-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.02.2013 17:45:13 | Computer Name = Rosi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x08ab0a9c ID des fehlerhaften
Prozesses: 0x984 Startzeit der fehlerhaften Anwendung: 0x01ce15fbc74420f1 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 2181c690-81f0-11e2-a761-eca86b8be0f9
Error - 28.02.2013 17:45:31 | Computer Name = Rosi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x753bc9f1 ID des fehlerhaften
Prozesses: 0x13bc Startzeit der fehlerhaften Anwendung: 0x01ce15fce7cadf0f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 2bfa49b0-81f0-11e2-a761-eca86b8be0f9
Error - 28.02.2013 17:45:50 | Computer Name = Rosi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x753bc9f1 ID des fehlerhaften
Prozesses: 0xbd4 Startzeit der fehlerhaften Anwendung: 0x01ce15fcf30618c8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 372dbb1c-81f0-11e2-a761-eca86b8be0f9
Error - 28.02.2013 17:53:54 | Computer Name = Rosi-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.02.2013 17:56:46 | Computer Name = Rosi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GameConsole-wt.exe, Version: 4.0.6.121,
Zeitstempel: 0x4e7a4bd3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038dc9 ID des fehlerhaften
Prozesses: 0xa90 Startzeit der fehlerhaften Anwendung: 0x01ce15fe6d7a7197 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: be9abb35-81f1-11e2-b80b-eca86b8be0f9
Error - 28.02.2013 19:30:29 | Computer Name = goeran-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.02.2013 20:01:14 | Computer Name = goeran-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.0.4794,
Zeitstempel: 0x511ed1c1 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.0.4794,
Zeitstempel: 0x511ed0fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00155858 ID des fehlerhaften
Prozesses: 0x11f8 Startzeit der fehlerhaften Anwendung: 0x01ce160f4e866cbf Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
217269da-8203-11e2-b797-eca86b8be0f9
Error - 01.03.2013 13:31:34 | Computer Name = goeran-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.03.2013 13:39:17 | Computer Name = goeran-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 01.03.2013 14:36:30 | Computer Name = goeran-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft XML Core Services
4.0 Service Pack 2 für x64-Systeme (KB954430)
Error - 01.03.2013 14:42:08 | Computer Name = goeran-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Update für Microsoft XML Core Services 4.0 Service
Pack 2 für x64-basierte Systeme (KB973688)
Error - 01.03.2013 14:51:32 | Computer Name = goeran-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Visual C++ 2008
Service Pack 1 Redistributable Package (KB2538243)
Error - 03.03.2013 10:51:04 | Computer Name = goeran-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405
Error - 03.03.2013 12:24:14 | Computer Name = goeran-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
Error - 03.03.2013 12:24:18 | Computer Name = goeran-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
Error - 03.03.2013 12:24:19 | Computer Name = goeran-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
Error - 03.03.2013 13:53:49 | Computer Name = goeran-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
Error - 05.03.2013 14:48:08 | Computer Name = goeran-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{0D393FBA-8CD0-4BF4-8E86-338905ED870C} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 09.03.2013 09:50:34 | Computer Name = goeran-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{0D393FBA-8CD0-4BF4-8E86-338905ED870C} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
< End of report >
Vielen Dank sisco |
|
02.04.2013, 16:07
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS/Redirector.YJ hat meinen PC infiziert! was tun? Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> JS/Redirector.YJ hat meinen PC infiziert! was tun? |
|
02.04.2013, 17:41
| #7 |
| | JS/Redirector.YJ hat meinen PC infiziert! was tun? Hallo nochmal, zunächst hat MBAR zwei malwares (komischerweise in itunes) gefunden, die letzte Logfile lautet nun: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.02.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Rosi :: GOERAN-PC [administrator]
02.04.2013 18:37:19
mbar-log-2013-04-02 (18-37-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 8427
Time elapsed: 5 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
sisco |
|
02.04.2013, 19:14
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS/Redirector.YJ hat meinen PC infiziert! was tun? Was soll das, warum postest du nur das Log ohne Funde, bitte immer alle Logs posten, v.a. die mit Funden
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.04.2013, 19:20
| #9 |
| | JS/Redirector.YJ hat meinen PC infiziert! was tun? Alles klar, hier die Logfile von Gmer: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-02 17:24:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.CC4B 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Rosi\AppData\Local\Temp\uxriapob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076211465 2 bytes [21, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762114bb 2 bytes [21, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1832:1836] 0000000000f9d227
Thread C:\Windows\SysWOW64\ntdll.dll [1832:2196] 000000007345e2db
Thread C:\Windows\SysWOW64\ntdll.dll [1832:2292] 0000000071a88df0
Thread C:\Windows\SysWOW64\ntdll.dll [1832:2296] 0000000071a88df0
Thread C:\Windows\SysWOW64\ntdll.dll [1832:2300] 0000000071a88df0
Thread C:\Windows\SysWOW64\ntdll.dll [1832:2304] 0000000071a84e70
Thread C:\Windows\SysWOW64\ntdll.dll [3376:3380] 0000000000c43fe1
Thread C:\Windows\SysWOW64\ntdll.dll [3376:3460] 0000000074d28c3c
Thread C:\Windows\SysWOW64\ntdll.dll [3376:3464] 0000000074d28f11
Thread C:\Windows\SysWOW64\ntdll.dll [3376:3468] 0000000074d2882e
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.02.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Rosi :: GOERAN-PC [administrator]
02.04.2013 17:35:20
mbar-log-2013-04-02 (17-35-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 8447
Time elapsed: 5 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\itunes.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\itunes.exe (Security.Hijack) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
02.04.2013, 19:50
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS/Redirector.YJ hat meinen PC infiziert! was tun? aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.04.2013, 21:01
| #11 |
| | JS/Redirector.YJ hat meinen PC infiziert! was tun? okay, anbei wieder die Logs: allerdings ist das Programm 'aswMBR.exe' abgestürzt, sodass ich unter AV Scan die Einstellung 'none' gewählt habe! hier die Logfile zu asw.MBR.exe: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-02 21:52:06
-----------------------------
21:52:06.329 OS Version: Windows x64 6.1.7601 Service Pack 1
21:52:06.329 Number of processors: 4 586 0x3A09
21:52:06.329 ComputerName: GOERAN-PC UserName: Rosi
21:52:07.202 Initialize success
21:52:12.943 AVAST engine defs: 13040200
21:52:19.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:52:19.542 Disk 0 Vendor: ST1000DM CC4B Size: 953869MB BusType: 3
21:52:19.620 Disk 0 MBR read successfully
21:52:19.636 Disk 0 MBR scan
21:52:19.636 Disk 0 Windows 7 default MBR code
21:52:19.636 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 19456 MB offset 2048
21:52:19.651 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 39847936
21:52:19.667 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466894 MB offset 40052736
21:52:19.682 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 467417 MB offset 996251648
21:52:19.714 Disk 0 scanning C:\Windows\system32\drivers
21:52:26.047 Service scanning
21:52:38.480 Modules scanning
21:52:38.480 Disk 0 trace - called modules:
21:52:38.496 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:52:38.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004728060]
21:52:38.512 3 CLASSPNP.SYS[fffff880013cd43f] -> nt!IofCallDriver -> [0xfffffa80036b88c0]
21:52:38.512 5 ACPI.sys[fffff88000ee47a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044cd050]
21:52:38.512 Scan finished successfully
21:53:40.881 Disk 0 MBR has been saved successfully to "C:\Users\Rosi\Desktop\MBR.dat"
21:53:40.881 The log file has been saved successfully to "C:\Users\Rosi\Desktop\aswMBR.txt"
Code:
ATTFilter 21:55:25.0961 4644 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:55:26.0086 4644 ============================================================
21:55:26.0086 4644 Current date / time: 2013/04/02 21:55:26.0086
21:55:26.0086 4644 SystemInfo:
21:55:26.0086 4644
21:55:26.0086 4644 OS Version: 6.1.7601 ServicePack: 1.0
21:55:26.0086 4644 Product type: Workstation
21:55:26.0086 4644 ComputerName: GOERAN-PC
21:55:26.0086 4644 UserName: Rosi
21:55:26.0086 4644 Windows directory: C:\Windows
21:55:26.0086 4644 System windows directory: C:\Windows
21:55:26.0086 4644 Running under WOW64
21:55:26.0086 4644 Processor architecture: Intel x64
21:55:26.0086 4644 Number of processors: 4
21:55:26.0086 4644 Page size: 0x1000
21:55:26.0086 4644 Boot type: Normal boot
21:55:26.0086 4644 ============================================================
21:55:26.0523 4644 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:55:26.0538 4644 ============================================================
21:55:26.0538 4644 \Device\Harddisk0\DR0:
21:55:26.0538 4644 MBR partitions:
21:55:26.0538 4644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
21:55:26.0538 4644 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x38FE7000
21:55:26.0538 4644 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B619800, BlocksNum 0x390EC800
21:55:26.0538 4644 ============================================================
21:55:26.0570 4644 C: <-> \Device\Harddisk0\DR0\Partition2
21:55:26.0585 4644 D: <-> \Device\Harddisk0\DR0\Partition3
21:55:26.0601 4644 ============================================================
21:55:26.0601 4644 Initialize success
21:55:26.0601 4644 ============================================================
21:56:18.0206 3576 ============================================================
21:56:18.0206 3576 Scan started
21:56:18.0206 3576 Mode: Manual; SigCheck; TDLFS;
21:56:18.0206 3576 ============================================================
21:56:18.0393 3576 ================ Scan system memory ========================
21:56:18.0393 3576 System memory - ok
21:56:18.0393 3576 ================ Scan services =============================
21:56:18.0486 3576 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:56:18.0580 3576 1394ohci - ok
21:56:18.0596 3576 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:56:18.0611 3576 ACPI - ok
21:56:18.0611 3576 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:56:18.0658 3576 AcpiPmi - ok
21:56:18.0752 3576 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:56:18.0767 3576 AdobeARMservice - ok
21:56:18.0861 3576 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:56:18.0876 3576 AdobeFlashPlayerUpdateSvc - ok
21:56:18.0892 3576 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:56:18.0908 3576 adp94xx - ok
21:56:18.0908 3576 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:56:18.0923 3576 adpahci - ok
21:56:18.0939 3576 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:56:18.0939 3576 adpu320 - ok
21:56:18.0970 3576 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:56:19.0064 3576 AeLookupSvc - ok
21:56:19.0079 3576 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:56:19.0110 3576 AFD - ok
21:56:19.0126 3576 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:56:19.0126 3576 agp440 - ok
21:56:19.0142 3576 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:56:19.0173 3576 ALG - ok
21:56:19.0173 3576 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:56:19.0188 3576 aliide - ok
21:56:19.0188 3576 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:56:19.0204 3576 amdide - ok
21:56:19.0204 3576 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:56:19.0235 3576 AmdK8 - ok
21:56:19.0235 3576 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:56:19.0266 3576 AmdPPM - ok
21:56:19.0266 3576 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:56:19.0282 3576 amdsata - ok
21:56:19.0282 3576 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:56:19.0298 3576 amdsbs - ok
21:56:19.0298 3576 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:56:19.0313 3576 amdxata - ok
21:56:19.0360 3576 [ 76544F01FA0D79CE6F525B6EB475BEF9 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
21:56:19.0376 3576 AntiVirMailService - ok
21:56:19.0391 3576 [ 90C69DF5FB36F8B74109583652575BD3 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:56:19.0407 3576 AntiVirSchedulerService - ok
21:56:19.0422 3576 [ B6F85597831F63C27FD278F4E05C3020 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:56:19.0422 3576 AntiVirService - ok
21:56:19.0438 3576 [ 932B178CF3840CFC8B0051523F657A8A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:56:19.0454 3576 AntiVirWebService - ok
21:56:19.0469 3576 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:56:19.0578 3576 AppID - ok
21:56:19.0594 3576 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:56:19.0625 3576 AppIDSvc - ok
21:56:19.0641 3576 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:56:19.0672 3576 Appinfo - ok
21:56:19.0719 3576 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:56:19.0734 3576 Apple Mobile Device - ok
21:56:19.0734 3576 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:56:19.0750 3576 arc - ok
21:56:19.0750 3576 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:56:19.0766 3576 arcsas - ok
21:56:19.0781 3576 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:56:19.0812 3576 AsyncMac - ok
21:56:19.0828 3576 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:56:19.0828 3576 atapi - ok
21:56:19.0844 3576 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:56:19.0875 3576 AudioEndpointBuilder - ok
21:56:19.0890 3576 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:56:19.0906 3576 AudioSrv - ok
21:56:19.0922 3576 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:56:19.0937 3576 avgntflt - ok
21:56:19.0953 3576 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:56:19.0968 3576 avipbb - ok
21:56:19.0984 3576 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:56:20.0000 3576 avkmgr - ok
21:56:20.0000 3576 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:56:20.0062 3576 AxInstSV - ok
21:56:20.0062 3576 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:56:20.0093 3576 b06bdrv - ok
21:56:20.0109 3576 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:56:20.0124 3576 b57nd60a - ok
21:56:20.0124 3576 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:56:20.0156 3576 BDESVC - ok
21:56:20.0156 3576 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:56:20.0187 3576 Beep - ok
21:56:20.0234 3576 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:56:20.0265 3576 BFE - ok
21:56:20.0296 3576 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:56:20.0374 3576 BITS - ok
21:56:20.0390 3576 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:56:20.0405 3576 blbdrive - ok
21:56:20.0452 3576 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:56:20.0452 3576 Bonjour Service - ok
21:56:20.0468 3576 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:56:20.0499 3576 bowser - ok
21:56:20.0499 3576 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:56:20.0499 3576 BrFiltLo - ok
21:56:20.0499 3576 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:56:20.0514 3576 BrFiltUp - ok
21:56:20.0530 3576 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:56:20.0546 3576 Browser - ok
21:56:20.0561 3576 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:56:20.0577 3576 Brserid - ok
21:56:20.0577 3576 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:56:20.0592 3576 BrSerWdm - ok
21:56:20.0592 3576 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:56:20.0608 3576 BrUsbMdm - ok
21:56:20.0608 3576 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:56:20.0608 3576 BrUsbSer - ok
21:56:20.0608 3576 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:56:20.0639 3576 BTHMODEM - ok
21:56:20.0639 3576 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:56:20.0655 3576 bthserv - ok
21:56:20.0655 3576 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:56:20.0686 3576 cdfs - ok
21:56:20.0686 3576 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:56:20.0702 3576 cdrom - ok
21:56:20.0717 3576 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:56:20.0733 3576 CertPropSvc - ok
21:56:20.0733 3576 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:56:20.0748 3576 circlass - ok
21:56:20.0764 3576 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:56:20.0764 3576 CLFS - ok
21:56:20.0826 3576 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:56:20.0842 3576 clr_optimization_v2.0.50727_32 - ok
21:56:20.0858 3576 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:56:20.0873 3576 clr_optimization_v2.0.50727_64 - ok
21:56:20.0920 3576 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:56:20.0936 3576 clr_optimization_v4.0.30319_32 - ok
21:56:20.0951 3576 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:56:20.0967 3576 clr_optimization_v4.0.30319_64 - ok
21:56:20.0967 3576 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:56:20.0982 3576 CmBatt - ok
21:56:20.0982 3576 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:56:20.0998 3576 cmdide - ok
21:56:21.0014 3576 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:56:21.0060 3576 CNG - ok
21:56:21.0060 3576 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:56:21.0076 3576 Compbatt - ok
21:56:21.0092 3576 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:56:21.0107 3576 CompositeBus - ok
21:56:21.0107 3576 COMSysApp - ok
21:56:21.0107 3576 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:56:21.0123 3576 crcdisk - ok
21:56:21.0138 3576 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:56:21.0170 3576 CryptSvc - ok
21:56:21.0185 3576 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:56:21.0232 3576 DcomLaunch - ok
21:56:21.0248 3576 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:56:21.0294 3576 defragsvc - ok
21:56:21.0294 3576 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:56:21.0326 3576 DfsC - ok
21:56:21.0341 3576 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:56:21.0372 3576 Dhcp - ok
21:56:21.0388 3576 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:56:21.0450 3576 discache - ok
21:56:21.0450 3576 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:56:21.0466 3576 Disk - ok
21:56:21.0466 3576 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:56:21.0513 3576 Dnscache - ok
21:56:21.0528 3576 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:56:21.0575 3576 dot3svc - ok
21:56:21.0575 3576 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:56:21.0606 3576 DPS - ok
21:56:21.0622 3576 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:56:21.0638 3576 drmkaud - ok
21:56:21.0653 3576 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:56:21.0684 3576 DXGKrnl - ok
21:56:21.0716 3576 [ 03F4C5C12FC1C69F838DA723475EF650 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
21:56:21.0731 3576 e1cexpress - ok
21:56:21.0747 3576 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:56:21.0778 3576 EapHost - ok
21:56:21.0825 3576 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:56:21.0903 3576 ebdrv - ok
21:56:21.0918 3576 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:56:21.0934 3576 EFS - ok
21:56:21.0981 3576 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:56:22.0028 3576 ehRecvr - ok
21:56:22.0043 3576 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:56:22.0059 3576 ehSched - ok
21:56:22.0074 3576 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:56:22.0106 3576 elxstor - ok
21:56:22.0106 3576 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:56:22.0121 3576 ErrDev - ok
21:56:22.0137 3576 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:56:22.0168 3576 EventSystem - ok
21:56:22.0168 3576 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:56:22.0199 3576 exfat - ok
21:56:22.0199 3576 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:56:22.0230 3576 fastfat - ok
21:56:22.0246 3576 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:56:22.0277 3576 Fax - ok
21:56:22.0293 3576 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:56:22.0293 3576 fdc - ok
21:56:22.0293 3576 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:56:22.0324 3576 fdPHost - ok
21:56:22.0340 3576 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:56:22.0371 3576 FDResPub - ok
21:56:22.0371 3576 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:56:22.0371 3576 FileInfo - ok
21:56:22.0371 3576 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:56:22.0402 3576 Filetrace - ok
21:56:22.0418 3576 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:56:22.0433 3576 flpydisk - ok
21:56:22.0433 3576 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:56:22.0433 3576 FltMgr - ok
21:56:22.0464 3576 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
21:56:22.0496 3576 FontCache - ok
21:56:22.0527 3576 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:56:22.0542 3576 FontCache3.0.0.0 - ok
21:56:22.0542 3576 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:56:22.0558 3576 FsDepends - ok
21:56:22.0574 3576 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:56:22.0589 3576 Fs_Rec - ok
21:56:22.0589 3576 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:56:22.0605 3576 fvevol - ok
21:56:22.0620 3576 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:56:22.0636 3576 gagp30kx - ok
21:56:22.0652 3576 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:56:22.0652 3576 GEARAspiWDM - ok
21:56:22.0683 3576 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:56:22.0698 3576 gpsvc - ok
21:56:22.0761 3576 [ 32096F187020A54D29C95B3A1467D963 ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
21:56:22.0776 3576 GREGService - ok
21:56:22.0776 3576 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:56:22.0823 3576 hcw85cir - ok
21:56:22.0854 3576 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:56:22.0870 3576 HdAudAddService - ok
21:56:22.0886 3576 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:56:22.0901 3576 HDAudBus - ok
21:56:22.0901 3576 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:56:22.0917 3576 HidBatt - ok
21:56:22.0917 3576 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:56:22.0948 3576 HidBth - ok
21:56:22.0948 3576 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:56:22.0964 3576 HidIr - ok
21:56:22.0964 3576 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:56:23.0026 3576 hidserv - ok
21:56:23.0042 3576 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:56:23.0042 3576 HidUsb - ok
21:56:23.0057 3576 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:56:23.0088 3576 hkmsvc - ok
21:56:23.0088 3576 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:56:23.0104 3576 HomeGroupListener - ok
21:56:23.0120 3576 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:56:23.0135 3576 HomeGroupProvider - ok
21:56:23.0198 3576 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:56:23.0588 3576 hpqcxs08 - ok
21:56:23.0603 3576 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:56:23.0619 3576 hpqddsvc - ok
21:56:23.0619 3576 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:56:23.0634 3576 HpSAMD - ok
21:56:23.0681 3576 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:56:23.0712 3576 HPSLPSVC - ok
21:56:23.0728 3576 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:56:23.0775 3576 HTTP - ok
21:56:23.0775 3576 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:56:23.0790 3576 hwpolicy - ok
21:56:23.0790 3576 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:56:23.0806 3576 i8042prt - ok
21:56:23.0822 3576 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:56:23.0822 3576 iaStor - ok
21:56:23.0868 3576 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:56:23.0868 3576 IAStorDataMgrSvc - ok
21:56:23.0884 3576 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:56:23.0900 3576 iaStorV - ok
21:56:23.0931 3576 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:56:23.0962 3576 idsvc - ok
21:56:23.0962 3576 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:56:23.0962 3576 iirsp - ok
21:56:23.0993 3576 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:56:24.0024 3576 IKEEXT - ok
21:56:24.0071 3576 [ B3137FD9C696544E405699BBD66B1E65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:56:24.0149 3576 IntcAzAudAddService - ok
21:56:24.0165 3576 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:56:24.0180 3576 Intel(R) Capability Licensing Service Interface - ok
21:56:24.0180 3576 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:56:24.0196 3576 intelide - ok
21:56:24.0196 3576 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:56:24.0212 3576 intelppm - ok
21:56:24.0227 3576 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:56:24.0290 3576 IPBusEnum - ok
21:56:24.0290 3576 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:56:24.0305 3576 IpFilterDriver - ok
21:56:24.0321 3576 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:56:24.0352 3576 iphlpsvc - ok
21:56:24.0352 3576 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:56:24.0352 3576 IPMIDRV - ok
21:56:24.0368 3576 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:56:24.0383 3576 IPNAT - ok
21:56:24.0414 3576 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:56:24.0430 3576 iPod Service - ok
21:56:24.0430 3576 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:56:24.0446 3576 IRENUM - ok
21:56:24.0446 3576 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:56:24.0461 3576 isapnp - ok
21:56:24.0461 3576 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:56:24.0477 3576 iScsiPrt - ok
21:56:24.0508 3576 [ 468F7516B4030603BA9D1427CCEACDF9 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:56:24.0508 3576 jhi_service - ok
21:56:24.0508 3576 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:56:24.0524 3576 kbdclass - ok
21:56:24.0524 3576 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:56:24.0539 3576 kbdhid - ok
21:56:24.0555 3576 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:56:24.0570 3576 KeyIso - ok
21:56:24.0586 3576 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:56:24.0602 3576 KSecDD - ok
21:56:24.0617 3576 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:56:24.0633 3576 KSecPkg - ok
21:56:24.0633 3576 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:56:24.0680 3576 ksthunk - ok
21:56:24.0711 3576 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:56:24.0742 3576 KtmRm - ok
21:56:24.0758 3576 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:56:24.0789 3576 LanmanServer - ok
21:56:24.0804 3576 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:56:24.0836 3576 LanmanWorkstation - ok
21:56:24.0882 3576 [ 6BB516A31DE232DAB436FF3A117E1E80 ] Live Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
21:56:24.0882 3576 Live Updater Service - ok
21:56:24.0882 3576 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:56:24.0929 3576 lltdio - ok
21:56:24.0945 3576 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:56:24.0976 3576 lltdsvc - ok
21:56:24.0976 3576 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:56:25.0038 3576 lmhosts - ok
21:56:25.0054 3576 [ B114B200CCDEBC7EBD8EF5D783819386 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:56:25.0070 3576 LMS - ok
21:56:25.0085 3576 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:56:25.0101 3576 LSI_FC - ok
21:56:25.0116 3576 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:56:25.0132 3576 LSI_SAS - ok
21:56:25.0132 3576 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:56:25.0148 3576 LSI_SAS2 - ok
21:56:25.0163 3576 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:56:25.0163 3576 LSI_SCSI - ok
21:56:25.0179 3576 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:56:25.0194 3576 luafv - ok
21:56:25.0210 3576 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:56:25.0226 3576 Mcx2Svc - ok
21:56:25.0226 3576 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:56:25.0226 3576 megasas - ok
21:56:25.0241 3576 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:56:25.0241 3576 MegaSR - ok
21:56:25.0272 3576 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:56:25.0272 3576 MEIx64 - ok
21:56:25.0272 3576 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:56:25.0304 3576 MMCSS - ok
21:56:25.0304 3576 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:56:25.0319 3576 Modem - ok
21:56:25.0319 3576 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:56:25.0335 3576 monitor - ok
21:56:25.0350 3576 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:56:25.0366 3576 mouclass - ok
21:56:25.0366 3576 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:56:25.0366 3576 mouhid - ok
21:56:25.0382 3576 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:56:25.0382 3576 mountmgr - ok
21:56:25.0413 3576 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:56:25.0428 3576 MozillaMaintenance - ok
21:56:25.0428 3576 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:56:25.0444 3576 mpio - ok
21:56:25.0444 3576 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:56:25.0460 3576 mpsdrv - ok
21:56:25.0475 3576 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:56:25.0506 3576 MpsSvc - ok
21:56:25.0522 3576 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:56:25.0538 3576 MRxDAV - ok
21:56:25.0553 3576 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:56:25.0584 3576 mrxsmb - ok
21:56:25.0600 3576 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:56:25.0616 3576 mrxsmb10 - ok
21:56:25.0616 3576 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:56:25.0631 3576 mrxsmb20 - ok
21:56:25.0631 3576 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:56:25.0631 3576 msahci - ok
21:56:25.0647 3576 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:56:25.0647 3576 msdsm - ok
21:56:25.0662 3576 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:56:25.0678 3576 MSDTC - ok
21:56:25.0678 3576 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:56:25.0694 3576 Msfs - ok
21:56:25.0694 3576 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:56:25.0709 3576 mshidkmdf - ok
21:56:25.0725 3576 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:56:25.0740 3576 msisadrv - ok
21:56:25.0756 3576 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:56:25.0772 3576 MSiSCSI - ok
21:56:25.0772 3576 msiserver - ok
21:56:25.0787 3576 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:56:25.0803 3576 MSKSSRV - ok
21:56:25.0803 3576 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:56:25.0834 3576 MSPCLOCK - ok
21:56:25.0850 3576 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:56:25.0865 3576 MSPQM - ok
21:56:25.0865 3576 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:56:25.0881 3576 MsRPC - ok
21:56:25.0881 3576 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:56:25.0896 3576 mssmbios - ok
21:56:25.0896 3576 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:56:25.0928 3576 MSTEE - ok
21:56:25.0928 3576 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:56:25.0928 3576 MTConfig - ok
21:56:25.0928 3576 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:56:25.0943 3576 Mup - ok
21:56:25.0959 3576 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:56:25.0974 3576 napagent - ok
21:56:25.0990 3576 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:56:26.0006 3576 NativeWifiP - ok
21:56:26.0037 3576 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
21:56:26.0068 3576 NAUpdate - ok
21:56:26.0084 3576 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:56:26.0115 3576 NDIS - ok
21:56:26.0115 3576 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:56:26.0146 3576 NdisCap - ok
21:56:26.0162 3576 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:56:26.0177 3576 NdisTapi - ok
21:56:26.0193 3576 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:56:26.0208 3576 Ndisuio - ok
21:56:26.0208 3576 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:56:26.0255 3576 NdisWan - ok
21:56:26.0255 3576 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:56:26.0271 3576 NDProxy - ok
21:56:26.0302 3576 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:56:26.0302 3576 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:56:26.0302 3576 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:56:26.0302 3576 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:56:26.0333 3576 NetBIOS - ok
21:56:26.0349 3576 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:56:26.0364 3576 NetBT - ok
21:56:26.0380 3576 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:56:26.0380 3576 Netlogon - ok
21:56:26.0411 3576 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:56:26.0458 3576 Netman - ok
21:56:26.0458 3576 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:56:26.0489 3576 netprofm - ok
21:56:26.0520 3576 [ AF5F224A600F50B7D2B77F4AE59C1ABE ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
21:56:26.0552 3576 netr28x - ok
21:56:26.0567 3576 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:56:26.0583 3576 NetTcpPortSharing - ok
21:56:26.0598 3576 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:56:26.0598 3576 nfrd960 - ok
21:56:26.0614 3576 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:56:26.0614 3576 NlaSvc - ok
21:56:26.0614 3576 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:56:26.0645 3576 Npfs - ok
21:56:26.0645 3576 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:56:26.0676 3576 nsi - ok
21:56:26.0676 3576 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:56:26.0708 3576 nsiproxy - ok
21:56:26.0739 3576 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:56:26.0786 3576 Ntfs - ok
21:56:26.0786 3576 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:56:26.0801 3576 Null - ok
21:56:26.0817 3576 [ 4C31806AD9A8A6F410E4F8308E67AD30 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:56:26.0832 3576 NVHDA - ok
21:56:26.0973 3576 [ D5E05CDBE385F16044E104E2ECFCC4FB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:56:27.0207 3576 nvlddmkm - ok
21:56:27.0222 3576 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:56:27.0238 3576 nvraid - ok
21:56:27.0238 3576 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:56:27.0238 3576 nvstor - ok
21:56:27.0269 3576 [ D1FB256B53D819E31584009CF4D8868F ] nvsvc C:\Windows\system32\nvvsvc.exe
21:56:27.0285 3576 nvsvc - ok
21:56:27.0285 3576 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:56:27.0300 3576 nv_agp - ok
21:56:27.0300 3576 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:56:27.0300 3576 ohci1394 - ok
21:56:27.0363 3576 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:56:27.0378 3576 ose - ok
21:56:27.0456 3576 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:56:27.0534 3576 osppsvc - ok
21:56:27.0550 3576 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:56:27.0566 3576 p2pimsvc - ok
21:56:27.0581 3576 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:56:27.0597 3576 p2psvc - ok
21:56:27.0597 3576 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:56:27.0612 3576 Parport - ok
21:56:27.0628 3576 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:56:27.0644 3576 partmgr - ok
21:56:27.0644 3576 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:56:27.0675 3576 PcaSvc - ok
21:56:27.0675 3576 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:56:27.0690 3576 pci - ok
21:56:27.0706 3576 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:56:27.0706 3576 pciide - ok
21:56:27.0706 3576 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:56:27.0722 3576 pcmcia - ok
21:56:27.0722 3576 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:56:27.0722 3576 pcw - ok
21:56:27.0737 3576 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:56:27.0768 3576 PEAUTH - ok
21:56:27.0815 3576 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:56:27.0831 3576 PerfHost - ok
21:56:27.0862 3576 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:56:27.0924 3576 pla - ok
21:56:27.0956 3576 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:56:27.0971 3576 PlugPlay - ok
21:56:27.0987 3576 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:56:28.0002 3576 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:56:28.0002 3576 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:56:28.0018 3576 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:56:28.0034 3576 PNRPAutoReg - ok
21:56:28.0034 3576 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:56:28.0049 3576 PNRPsvc - ok
21:56:28.0065 3576 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:56:28.0112 3576 PolicyAgent - ok
21:56:28.0112 3576 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:56:28.0143 3576 Power - ok
21:56:28.0158 3576 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:56:28.0190 3576 PptpMiniport - ok
21:56:28.0205 3576 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:56:28.0221 3576 Processor - ok
21:56:28.0252 3576 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:56:28.0268 3576 ProfSvc - ok
21:56:28.0283 3576 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:56:28.0299 3576 ProtectedStorage - ok
21:56:28.0314 3576 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:56:28.0361 3576 Psched - ok
21:56:28.0392 3576 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:56:28.0439 3576 ql2300 - ok
21:56:28.0439 3576 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:56:28.0455 3576 ql40xx - ok
21:56:28.0455 3576 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:56:28.0470 3576 QWAVE - ok
21:56:28.0470 3576 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:56:28.0486 3576 QWAVEdrv - ok
21:56:28.0486 3576 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:56:28.0502 3576 RasAcd - ok
21:56:28.0533 3576 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:56:28.0548 3576 RasAgileVpn - ok
21:56:28.0548 3576 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:56:28.0564 3576 RasAuto - ok
21:56:28.0580 3576 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:56:28.0611 3576 Rasl2tp - ok
21:56:28.0642 3576 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:56:28.0658 3576 RasMan - ok
21:56:28.0658 3576 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:56:28.0689 3576 RasPppoe - ok
21:56:28.0689 3576 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:56:28.0704 3576 RasSstp - ok
21:56:28.0704 3576 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:56:28.0736 3576 rdbss - ok
21:56:28.0736 3576 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:56:28.0751 3576 rdpbus - ok
21:56:28.0751 3576 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:56:28.0782 3576 RDPCDD - ok
21:56:28.0782 3576 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:56:28.0814 3576 RDPENCDD - ok
21:56:28.0814 3576 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:56:28.0845 3576 RDPREFMP - ok
21:56:28.0860 3576 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:56:28.0876 3576 RDPWD - ok
21:56:28.0876 3576 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:56:28.0892 3576 rdyboost - ok
21:56:28.0907 3576 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:56:28.0923 3576 RemoteAccess - ok
21:56:28.0923 3576 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:56:28.0954 3576 RemoteRegistry - ok
21:56:28.0970 3576 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:56:28.0985 3576 RpcEptMapper - ok
21:56:29.0001 3576 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:56:29.0016 3576 RpcLocator - ok
21:56:29.0032 3576 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:56:29.0063 3576 RpcSs - ok
21:56:29.0063 3576 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:56:29.0094 3576 rspndr - ok
21:56:29.0094 3576 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:56:29.0094 3576 SamSs - ok
21:56:29.0110 3576 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:56:29.0126 3576 sbp2port - ok
21:56:29.0126 3576 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:56:29.0157 3576 SCardSvr - ok
21:56:29.0157 3576 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:56:29.0188 3576 scfilter - ok
21:56:29.0204 3576 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:56:29.0250 3576 Schedule - ok
21:56:29.0266 3576 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:56:29.0297 3576 SCPolicySvc - ok
21:56:29.0313 3576 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:56:29.0313 3576 SDRSVC - ok
21:56:29.0313 3576 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:56:29.0344 3576 secdrv - ok
21:56:29.0360 3576 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:56:29.0375 3576 seclogon - ok
21:56:29.0375 3576 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:56:29.0406 3576 SENS - ok
21:56:29.0406 3576 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:56:29.0422 3576 SensrSvc - ok
21:56:29.0438 3576 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:56:29.0453 3576 Serenum - ok
21:56:29.0469 3576 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:56:29.0500 3576 Serial - ok
21:56:29.0516 3576 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:56:29.0531 3576 sermouse - ok
21:56:29.0547 3576 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:56:29.0594 3576 SessionEnv - ok
21:56:29.0609 3576 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:56:29.0609 3576 sffdisk - ok
21:56:29.0609 3576 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:56:29.0625 3576 sffp_mmc - ok
21:56:29.0625 3576 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:56:29.0640 3576 sffp_sd - ok
21:56:29.0640 3576 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:56:29.0656 3576 sfloppy - ok
21:56:29.0672 3576 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:56:29.0687 3576 SharedAccess - ok
21:56:29.0703 3576 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:56:29.0718 3576 ShellHWDetection - ok
21:56:29.0750 3576 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:56:29.0750 3576 SiSRaid2 - ok
21:56:29.0750 3576 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:56:29.0765 3576 SiSRaid4 - ok
21:56:29.0765 3576 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:56:29.0796 3576 Smb - ok
21:56:29.0796 3576 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:56:29.0812 3576 SNMPTRAP - ok
21:56:29.0828 3576 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:56:29.0828 3576 spldr - ok
21:56:29.0859 3576 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:56:29.0874 3576 Spooler - ok
21:56:29.0906 3576 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:56:29.0968 3576 sppsvc - ok
21:56:29.0999 3576 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:56:30.0015 3576 sppuinotify - ok
21:56:30.0030 3576 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:56:30.0046 3576 srv - ok
21:56:30.0046 3576 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:56:30.0062 3576 srv2 - ok
21:56:30.0077 3576 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:56:30.0077 3576 srvnet - ok
21:56:30.0108 3576 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:56:30.0124 3576 SSDPSRV - ok
21:56:30.0124 3576 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:56:30.0155 3576 SstpSvc - ok
21:56:30.0186 3576 [ A557A9C135B6355345D7B7803BF47E25 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:56:30.0186 3576 Stereo Service - ok
21:56:30.0202 3576 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:56:30.0202 3576 stexstor - ok
21:56:30.0218 3576 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:56:30.0233 3576 StillCam - ok
21:56:30.0249 3576 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:56:30.0264 3576 stisvc - ok
21:56:30.0264 3576 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:56:30.0280 3576 swenum - ok
21:56:30.0280 3576 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:56:30.0311 3576 swprv - ok
21:56:30.0342 3576 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:56:30.0389 3576 SysMain - ok
21:56:30.0389 3576 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:56:30.0405 3576 TabletInputService - ok
21:56:30.0420 3576 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:56:30.0452 3576 TapiSrv - ok
21:56:30.0452 3576 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:56:30.0483 3576 TBS - ok
21:56:30.0514 3576 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:56:30.0545 3576 Tcpip - ok
21:56:30.0576 3576 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:56:30.0592 3576 TCPIP6 - ok
21:56:30.0608 3576 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:56:30.0623 3576 tcpipreg - ok
21:56:30.0639 3576 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:56:30.0654 3576 TDPIPE - ok
21:56:30.0686 3576 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:56:30.0686 3576 TDTCP - ok
21:56:30.0701 3576 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:56:30.0717 3576 tdx - ok
21:56:30.0732 3576 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:56:30.0732 3576 TermDD - ok
21:56:30.0748 3576 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:56:30.0779 3576 TermService - ok
21:56:30.0779 3576 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:56:30.0795 3576 Themes - ok
21:56:30.0810 3576 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:56:30.0826 3576 THREADORDER - ok
21:56:30.0826 3576 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:56:30.0857 3576 TrkWks - ok
21:56:30.0873 3576 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:56:30.0920 3576 TrustedInstaller - ok
21:56:30.0920 3576 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:56:30.0935 3576 tssecsrv - ok
21:56:30.0935 3576 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:56:30.0982 3576 TsUsbFlt - ok
21:56:30.0982 3576 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:56:31.0013 3576 TsUsbGD - ok
21:56:31.0091 3576 [ 50D8102EECC446F160C8C31AF927242D ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
21:56:31.0154 3576 TuneUp.UtilitiesSvc - ok
21:56:31.0185 3576 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
21:56:31.0200 3576 TuneUpUtilitiesDrv - ok
21:56:31.0216 3576 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:56:31.0247 3576 tunnel - ok
21:56:31.0247 3576 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:56:31.0263 3576 uagp35 - ok
21:56:31.0278 3576 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:56:31.0294 3576 udfs - ok
21:56:31.0310 3576 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:56:31.0310 3576 UI0Detect - ok
21:56:31.0325 3576 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:56:31.0325 3576 uliagpkx - ok
21:56:31.0325 3576 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:56:31.0341 3576 umbus - ok
21:56:31.0356 3576 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:56:31.0372 3576 UmPass - ok
21:56:31.0403 3576 [ 6617E7CC9DC6729A11BFF54C47CEA7D0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:56:31.0419 3576 UNS - ok
21:56:31.0434 3576 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:56:31.0466 3576 upnphost - ok
21:56:31.0481 3576 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:56:31.0497 3576 USBAAPL64 - ok
21:56:31.0512 3576 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:56:31.0528 3576 usbccgp - ok
21:56:31.0528 3576 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:56:31.0544 3576 usbcir - ok
21:56:31.0544 3576 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:56:31.0559 3576 usbehci - ok
21:56:31.0575 3576 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
21:56:31.0590 3576 usbhub - ok
21:56:31.0606 3576 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:56:31.0622 3576 usbohci - ok
21:56:31.0622 3576 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:56:31.0637 3576 usbprint - ok
21:56:31.0637 3576 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:56:31.0653 3576 USBSTOR - ok
21:56:31.0653 3576 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:56:31.0668 3576 usbuhci - ok
21:56:31.0668 3576 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:56:31.0684 3576 UxSms - ok
21:56:31.0700 3576 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:56:31.0700 3576 VaultSvc - ok
21:56:31.0715 3576 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:56:31.0715 3576 vdrvroot - ok
21:56:31.0731 3576 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:56:31.0762 3576 vds - ok
21:56:31.0778 3576 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:56:31.0778 3576 vga - ok
21:56:31.0778 3576 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:56:31.0809 3576 VgaSave - ok
21:56:31.0809 3576 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:56:31.0809 3576 vhdmp - ok
21:56:31.0824 3576 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:56:31.0824 3576 viaide - ok
21:56:31.0824 3576 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:56:31.0824 3576 volmgr - ok
21:56:31.0856 3576 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:56:31.0856 3576 volmgrx - ok
21:56:31.0856 3576 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:56:31.0871 3576 volsnap - ok
21:56:31.0887 3576 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:56:31.0887 3576 vsmraid - ok
21:56:31.0918 3576 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:56:31.0965 3576 VSS - ok
21:56:31.0965 3576 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:56:31.0980 3576 vwifibus - ok
21:56:31.0980 3576 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:56:31.0996 3576 vwififlt - ok
21:56:32.0027 3576 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:56:32.0043 3576 W32Time - ok
21:56:32.0043 3576 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:56:32.0058 3576 WacomPen - ok
21:56:32.0058 3576 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:56:32.0090 3576 WANARP - ok
21:56:32.0090 3576 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:56:32.0105 3576 Wanarpv6 - ok
21:56:32.0136 3576 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:56:32.0183 3576 wbengine - ok
21:56:32.0183 3576 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:56:32.0199 3576 WbioSrvc - ok
21:56:32.0199 3576 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:56:32.0230 3576 wcncsvc - ok
21:56:32.0230 3576 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:56:32.0261 3576 WcsPlugInService - ok
21:56:32.0261 3576 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:56:32.0261 3576 Wd - ok
21:56:32.0292 3576 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:56:32.0308 3576 Wdf01000 - ok
21:56:32.0308 3576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:56:32.0386 3576 WdiServiceHost - ok
21:56:32.0386 3576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:56:32.0402 3576 WdiSystemHost - ok
21:56:32.0402 3576 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:56:32.0433 3576 WebClient - ok
21:56:32.0433 3576 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:56:32.0464 3576 Wecsvc - ok
21:56:32.0480 3576 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:56:32.0495 3576 wercplsupport - ok
21:56:32.0495 3576 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:56:32.0526 3576 WerSvc - ok
21:56:32.0526 3576 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:56:32.0542 3576 WfpLwf - ok
21:56:32.0558 3576 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:56:32.0558 3576 WIMMount - ok
21:56:32.0573 3576 WinDefend - ok
21:56:32.0573 3576 WinHttpAutoProxySvc - ok
21:56:32.0604 3576 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:56:32.0636 3576 Winmgmt - ok
21:56:32.0682 3576 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:56:32.0729 3576 WinRM - ok
21:56:32.0745 3576 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:56:32.0776 3576 WinUsb - ok
21:56:32.0792 3576 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:56:32.0823 3576 Wlansvc - ok
21:56:32.0854 3576 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:56:32.0870 3576 wlcrasvc - ok
21:56:32.0916 3576 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:56:32.0994 3576 wlidsvc - ok
21:56:32.0994 3576 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:56:32.0994 3576 WmiAcpi - ok
21:56:33.0010 3576 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:56:33.0041 3576 wmiApSrv - ok
21:56:33.0057 3576 WMPNetworkSvc - ok
21:56:33.0057 3576 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:56:33.0072 3576 WPCSvc - ok
21:56:33.0088 3576 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:56:33.0119 3576 WPDBusEnum - ok
21:56:33.0135 3576 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:56:33.0150 3576 ws2ifsl - ok
21:56:33.0166 3576 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:56:33.0182 3576 wscsvc - ok
21:56:33.0182 3576 WSearch - ok
21:56:33.0213 3576 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:56:33.0260 3576 wuauserv - ok
21:56:33.0275 3576 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:56:33.0291 3576 WudfPf - ok
21:56:33.0306 3576 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:56:33.0322 3576 WUDFRd - ok
21:56:33.0353 3576 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:56:33.0369 3576 wudfsvc - ok
21:56:33.0384 3576 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:56:33.0384 3576 WwanSvc - ok
21:56:33.0416 3576 ================ Scan global ===============================
21:56:33.0416 3576 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:56:33.0447 3576 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:56:33.0447 3576 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:56:33.0462 3576 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:56:33.0478 3576 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:56:33.0478 3576 [Global] - ok
21:56:33.0478 3576 ================ Scan MBR ==================================
21:56:33.0494 3576 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:56:33.0696 3576 \Device\Harddisk0\DR0 - ok
21:56:33.0696 3576 ================ Scan VBR ==================================
21:56:33.0696 3576 [ A13EEF35F490AAF2BD1E8926E1522E0E ] \Device\Harddisk0\DR0\Partition1
21:56:33.0696 3576 \Device\Harddisk0\DR0\Partition1 - ok
21:56:33.0712 3576 [ 94AC717B492DCD29939A536BD0A4DADD ] \Device\Harddisk0\DR0\Partition2
21:56:33.0712 3576 \Device\Harddisk0\DR0\Partition2 - ok
21:56:33.0728 3576 [ 3B496AAB2DE888069A7F738EAF77ADEA ] \Device\Harddisk0\DR0\Partition3
21:56:33.0728 3576 \Device\Harddisk0\DR0\Partition3 - ok
21:56:33.0728 3576 ============================================================
21:56:33.0728 3576 Scan finished
21:56:33.0728 3576 ============================================================
21:56:33.0728 3944 Detected object count: 2
21:56:33.0728 3944 Actual detected object count: 2
21:57:09.0155 3944 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:57:09.0155 3944 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:57:09.0155 3944 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:57:09.0155 3944 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:57:16.0066 3624 Deinitialize success
|
|
03.04.2013, 10:33
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS/Redirector.YJ hat meinen PC infiziert! was tun? Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.04.2013, 16:36
| #13 |
| | JS/Redirector.YJ hat meinen PC infiziert! was tun? Hallo, habe nun combofix ausgeführt und folgende Logfile erhalten: Code:
ATTFilter ComboFix 13-04-02.01 - Rosi 03.04.2013 17:29:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4060.2630 [GMT 2:00]
ausgeführt von:: c:\users\Rosi\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-03 bis 2013-04-03 ))))))))))))))))))))))))))))))
.
.
2013-04-03 15:32 . 2013-04-03 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-02 15:29 . 2013-04-02 15:29 -------- d-----w- c:\programdata\Malwarebytes
2013-03-25 13:34 . 2013-03-25 13:34 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-25 13:34 . 2013-03-25 13:34 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-25 13:34 . 2013-03-25 13:34 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-19 08:11 . 2013-03-19 08:11 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-15 06:28 . 2013-03-15 06:28 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-15 06:28 . 2013-03-15 06:28 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-15 06:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-04 15:51 . 2013-03-04 15:51 -------- d-----w- c:\users\Rosi\Telefon & Internet
2013-03-04 15:50 . 2013-03-04 15:51 -------- d-----w- c:\users\Rosi\Studium
2013-03-04 15:49 . 2013-03-04 15:49 -------- d-----w- c:\users\Rosi\schoolscout Rechnungen
2013-03-04 15:49 . 2013-03-04 15:49 -------- d-----w- c:\users\Rosi\napster
2013-03-04 15:49 . 2013-03-04 15:49 -------- d-----w- c:\users\Rosi\media markt, commerz finanz ipad
2013-03-04 15:48 . 2013-03-04 15:48 -------- d-----w- c:\users\Rosi\Kabeldeutschland
2013-03-04 15:48 . 2013-03-04 15:48 -------- d-----w- c:\users\Rosi\Inlingua
2013-03-04 15:48 . 2013-03-04 15:48 -------- d-----w- c:\users\Rosi\Grin Verlag
2013-03-04 15:48 . 2013-03-04 15:48 -------- d-----w- c:\users\Rosi\Finanzamt
2013-03-04 15:46 . 2013-03-04 15:46 -------- d-----w- c:\users\Rosi\Debeka
2013-03-04 15:46 . 2013-03-04 15:46 -------- d-----w- c:\users\Rosi\Bewerbung
2013-03-04 15:46 . 2013-03-04 15:46 -------- d-----w- c:\users\Rosi\Bafög u KfW-Bank
2013-03-04 15:46 . 2013-03-04 15:46 -------- d-----w- c:\users\Rosi\Arge
2013-03-04 15:46 . 2013-03-04 15:46 -------- d-----w- c:\users\Rosi\Allerlei
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 06:30 . 2013-03-03 14:56 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 07:07 . 2013-02-28 23:13 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 07:07 . 2013-02-28 23:13 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-03 21:50 . 2013-03-03 21:50 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-03 21:49 . 2013-03-03 21:49 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-03-03 21:49 . 2013-03-03 21:49 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-28 21:37 . 2011-03-29 01:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-02-12 05:45 . 2013-03-15 06:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-15 06:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-15 06:18 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-15 06:18 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-15 06:18 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-15 06:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-28 13:19 . 2013-02-28 22:12 35104 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-28 13:19 . 2013-02-28 22:12 26400 ----a-w- c:\windows\system32\authuitu.dll
2013-01-28 13:19 . 2013-02-28 22:12 21792 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-01-05 05:53 . 2013-03-01 17:55 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-03-01 17:55 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-03-01 17:55 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-03-01 17:53 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-03-01 17:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-03-01 17:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-03-01 17:54 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-03-01 17:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-03-01 17:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-03-01 17:53 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-03-01 17:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2012-02-07 636520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-25 345312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R4 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2012-02-29 28264]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-25 28600]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-03-25 374496]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-25 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-03-25 565472]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2012-02-07 255376]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-03-01 382272]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-28 2402080]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-08-11 1014624]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 07:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-05 13374568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rosi\AppData\Roaming\Mozilla\Firefox\Profiles\t9rle8pm.default\
FF - ExtSQL: 2013-03-01 00:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-03-01 00:35; msntoolbar@msn.com; c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF - ExtSQL: 2013-03-03 16:26; de-DE@dictionaries.addons.mozilla.org; c:\users\Rosi\AppData\Roaming\Mozilla\Firefox\Profiles\t9rle8pm.default\extensions\de-DE@dictionaries.addons.mozilla.org
FF - ExtSQL: 2013-03-03 22:40; langpack-de@firefox.mozilla.org; c:\users\Rosi\AppData\Roaming\Mozilla\Firefox\Profiles\t9rle8pm.default\extensions\langpack-de@firefox.mozilla.org.xpi
FF - ExtSQL: 2013-03-03 22:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Rosi\AppData\Roaming\Mozilla\Firefox\Profiles\t9rle8pm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2013-03-01 00:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-03 17:33:55
ComboFix-quarantined-files.txt 2013-04-03 15:33
.
Vor Suchlauf: 6 Verzeichnis(se), 296.485.781.504 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 296.413.077.504 Bytes frei
.
- - End Of File - - 6B2AA86D4ACD60C1A600E1DA19A68826
|
|
03.04.2013, 19:47
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS/Redirector.YJ hat meinen PC infiziert! was tun? JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.04.2013, 20:20
| #15 |
| | JS/Redirector.YJ hat meinen PC infiziert! was tun? okay, hier wieder die Logfiles: JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by Rosi on 03.04.2013 at 20:54:39,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\Rosi\AppData\Roaming\mozilla\firefox\profiles\t9rle8pm.default\user.js
Emptied folder: C:\Users\Rosi\AppData\Roaming\mozilla\firefox\profiles\t9rle8pm.default\minidumps [11 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2013 at 20:58:33,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.200 - Datei am 03/04/2013 um 21:02:01 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Rosi - GOERAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rosi\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (en-US)
Datei : C:\Users\Rosi\AppData\Roaming\Mozilla\Firefox\Profiles\t9rle8pm.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [729 octets] - [03/04/2013 21:02:01]
########## EOF - C:\AdwCleaner[S1].txt - [788 octets] ##########
Code:
ATTFilter OTL logfile created on: 03.04.2013 21:13:55 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rosi\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,44% Memory free 7,93 Gb Paging File | 6,27 Gb Available in Paging File | 79,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,95 Gb Total Space | 275,92 Gb Free Space | 60,52% Space Free | Partition Type: NTFS Drive D: | 456,46 Gb Total Space | 229,18 Gb Free Space | 50,21% Space Free | Partition Type: NTFS Computer Name: GOERAN-PC | User Name: Rosi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rosi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3418318616-303698100-86319418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKU\S-1-5-21-3418318616-303698100-86319418-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3418318616-303698100-86319418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3418318616-303698100-86319418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: langpack-de%40firefox.mozilla.org:19.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.03.01 01:35:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2013.03.01 01:35:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 15:11:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.03.01 01:35:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 15:11:17 | 000,000,000 | ---D | M] [2013.03.01 00:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rosi\AppData\Roaming\mozilla\Extensions [2013.03.03 23:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rosi\AppData\Roaming\mozilla\Firefox\Profiles\t9rle8pm.default\extensions [2013.03.03 17:26:58 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Rosi\AppData\Roaming\mozilla\Firefox\Profiles\t9rle8pm.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.03.03 23:40:48 | 000,306,394 | ---- | M] () (No name found) -- C:\Users\Rosi\AppData\Roaming\mozilla\firefox\profiles\t9rle8pm.default\extensions\langpack-de@firefox.mozilla.org.xpi [2013.03.03 23:41:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Rosi\AppData\Roaming\mozilla\firefox\profiles\t9rle8pm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.09 15:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.09 15:11:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 02:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 02:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3418318616-303698100-86319418-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3418318616-303698100-86319418-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3418318616-303698100-86319418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D393FBA-8CD0-4BF4-8E86-338905ED870C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 20:54:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.03 20:54:03 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.03 17:44:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.03 17:28:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.03 17:28:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.03 17:28:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.03 17:28:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.03 17:28:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.02 21:53:51 | 000,000,000 | ---D | C] -- C:\Users\Rosi\Desktop\Virus [2013.04.02 18:06:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.04.02 17:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.25 15:34:58 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.25 15:34:58 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.25 15:34:58 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.19 16:32:13 | 000,000,000 | R--D | C] -- C:\Users\Rosi\Favorites [2013.03.19 10:12:07 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.03.19 10:12:07 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.03.19 10:12:07 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.03.19 10:12:07 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.03.19 10:12:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.03.19 10:12:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.03.19 10:12:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.03.19 10:12:07 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.03.19 10:12:07 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.19 10:12:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.03.19 10:12:06 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.19 10:12:06 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.19 10:12:06 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.19 10:12:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.03.19 10:12:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.03.19 10:12:06 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.03.19 10:12:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.19 10:12:06 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.03.19 10:12:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.19 10:12:06 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.03.19 10:12:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.19 10:12:06 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.19 10:12:06 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.03.19 10:12:06 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.19 10:12:06 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.19 10:12:06 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.19 10:12:06 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.03.19 10:12:06 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.19 10:12:06 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.19 10:12:06 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.03.19 10:12:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.03.19 10:12:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.19 10:12:06 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.03.19 10:12:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.03.19 10:12:06 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.03.19 10:12:06 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.19 10:12:06 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.19 10:12:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.19 10:12:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.03.19 10:12:06 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.03.19 10:12:06 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.19 10:12:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.03.19 10:12:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.19 10:12:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.03.19 10:12:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.19 10:12:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.03.19 10:12:06 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.03.19 10:12:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.03.19 10:12:06 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.03.19 10:12:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.03.19 10:12:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.03.19 10:12:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.03.19 10:12:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.03.19 10:12:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.19 10:12:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.03.19 10:12:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.19 10:12:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.03.19 10:12:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.03.19 10:12:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.03.19 10:12:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.03.19 10:12:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.19 10:12:06 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.19 10:12:06 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.19 10:12:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.03.19 10:12:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.19 10:12:06 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.19 10:12:05 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.19 10:12:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.03.19 10:11:30 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.03.19 10:11:30 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.03.19 10:11:30 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.03.19 10:11:30 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.03.19 10:11:30 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.03.19 10:11:30 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.03.19 10:11:30 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.03.19 10:11:30 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.03.19 10:11:30 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.03.19 10:11:30 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.03.19 10:11:30 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.03.19 10:11:30 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.03.19 10:11:30 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.03.19 10:11:30 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.03.19 10:11:30 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.03.19 10:11:30 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.03.19 10:11:30 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.03.19 10:11:30 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.03.19 10:11:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.03.19 10:11:30 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.03.19 10:11:30 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.03.19 10:11:30 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.03.19 10:11:30 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.03.19 10:11:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.19 10:11:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.19 10:11:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.19 10:11:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.19 10:11:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.19 10:11:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.19 10:11:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.19 10:11:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.19 10:11:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.15 08:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.15 08:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.15 08:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.15 08:18:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.09 15:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.04.03 21:11:05 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 21:11:05 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 21:08:36 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.03 21:08:36 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.03 21:08:36 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.03 21:08:36 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.03 21:08:36 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.03 21:07:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.03 21:03:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.03 21:03:01 | 3193,249,792 | -HS- | M] () -- C:\hiberfil.sys [2013.04.02 18:06:20 | 477,330,661 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.25 15:34:48 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.25 15:34:48 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.25 15:34:48 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.19 10:12:07 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.03.19 10:12:07 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.03.19 10:12:07 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.03.19 10:12:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.03.19 10:12:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.03.19 10:12:07 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.03.19 10:12:07 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.03.19 10:12:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.03.19 10:12:07 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.19 10:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.03.19 10:12:06 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.19 10:12:06 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.19 10:12:06 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.19 10:12:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.03.19 10:12:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.03.19 10:12:06 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.03.19 10:12:06 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.19 10:12:06 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.03.19 10:12:06 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.19 10:12:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.03.19 10:12:06 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.19 10:12:06 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.19 10:12:06 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.03.19 10:12:06 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.19 10:12:06 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.19 10:12:06 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.19 10:12:06 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.03.19 10:12:06 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.19 10:12:06 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.19 10:12:06 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.03.19 10:12:06 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.03.19 10:12:06 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.19 10:12:06 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.03.19 10:12:06 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.03.19 10:12:06 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.03.19 10:12:06 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.19 10:12:06 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.19 10:12:06 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.19 10:12:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.03.19 10:12:06 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.03.19 10:12:06 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.19 10:12:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.03.19 10:12:06 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.19 10:12:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.03.19 10:12:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.19 10:12:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.03.19 10:12:06 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.03.19 10:12:06 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.03.19 10:12:06 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.03.19 10:12:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.03.19 10:12:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.03.19 10:12:06 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.03.19 10:12:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.03.19 10:12:06 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.19 10:12:06 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.03.19 10:12:06 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.19 10:12:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.03.19 10:12:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.03.19 10:12:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.03.19 10:12:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.03.19 10:12:06 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.19 10:12:06 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.19 10:12:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.19 10:12:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.19 10:12:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.19 10:12:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.03.19 10:12:06 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.19 10:12:06 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.19 10:12:05 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.19 10:12:05 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.03.19 10:11:30 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.03.19 10:11:30 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.03.19 10:11:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.03.19 10:11:30 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.03.19 10:11:30 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.03.19 10:11:30 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.03.19 10:11:30 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.03.19 10:11:30 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.03.19 10:11:30 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.03.19 10:11:30 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.03.19 10:11:30 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.03.19 10:11:30 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.03.19 10:11:30 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.03.19 10:11:30 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.03.19 10:11:30 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.03.19 10:11:30 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.03.19 10:11:30 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.03.19 10:11:30 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.03.19 10:11:30 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.03.19 10:11:30 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.03.19 10:11:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.03.19 10:11:30 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.03.19 10:11:30 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.03.19 10:11:30 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.19 10:11:30 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.19 10:11:30 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.19 10:11:30 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.19 10:11:30 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.19 10:11:30 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.19 10:11:30 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.19 10:11:30 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.19 10:11:30 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.19 10:11:30 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.19 10:11:30 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.13 09:07:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 09:07:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.05 21:51:14 | 000,419,940 | ---- | M] () -- C:\Users\Rosi\Desktop\Erwarttungshorizont produktionsorientiertes Arbeiten.pdf [2013.03.05 21:44:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf ========== Files Created - No Company Name ========== [2013.04.03 17:28:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.03 17:28:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.03 17:28:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.03 17:28:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.03 17:28:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.02 18:06:20 | 477,330,661 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.03.19 10:12:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.19 10:12:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.05 21:51:14 | 000,419,940 | ---- | C] () -- C:\Users\Rosi\Desktop\Erwarttungshorizont produktionsorientiertes Arbeiten.pdf [2013.03.05 21:44:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.03.01 01:30:38 | 000,233,257 | ---- | C] () -- C:\Windows\hpoins47.dat.temp [2013.03.01 01:30:38 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp [2013.03.01 01:24:38 | 000,233,552 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.06.14 23:02:07 | 000,001,354 | ---- | C] () -- C:\Users\Rosi\User's Guide.lnk [2012.03.01 15:22:22 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.25 10:58:53 | 000,000,000 | ---D | M] -- C:\Users\Rosi\AppData\Roaming\OEM [2013.03.01 00:12:28 | 000,000,000 | ---D | M] -- C:\Users\Rosi\AppData\Roaming\TuneUp Software [2013.03.01 00:05:11 | 000,000,000 | ---D | M] -- C:\Users\Rosi\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report > |
|
| Themen zu JS/Redirector.YJ hat meinen PC infiziert! was tun? |
| antworten, befall, erscheine, folge, folgende, gefährliche, gefährlichen, google, hallo zusammen, infiziert, interne, internet, js/redirector.yj, passwörter, pc infiziert, programme, seite, seiten, troja, trojaner, verschoben, virenbefall, was tun?, weiterhelfen, wenig, wirklich, worte, zusammen, ändern |
Linear-Darstellung
