|
Plagegeister aller Art und deren Bekämpfung: Mail delivery failed Emails - vermutlich Maleware ProblemWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.04.2013, 16:13 | #1 |
| Mail delivery failed Emails - vermutlich Maleware Problem Liebe fleissigen Helferlein vom Trojaner Board, ich bekomme seit ein paar Tagen Emails mit dem Betreff "Mail delivery failed" in denen meine Email Adresse als Absender steht. Da ich 3 Spiele Bei Zylom gekauft und eines nun öfter gespielt habe, vermute ich, dass ich mir wohl damit Maleware eingefangen habe. Mein Virenscanner Kaspersky hat zwar schon einmal eine Trojaner- bzw. Maleware-Meldung gebracht, aber ich Drösel habe das Programm zugelassen. Leider habe ich zu wenig Ahnung von der Materie um mir selber zu helfen, deswegen wende ich mich an euch, die Spezialisten. Ich habe bereits Malewarebytes runtergeladen und das ist die "Auswertung": malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.26.14 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] 27.03.2013 13:58:11 mbam-log-2013-03-27 (13-58-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 379376 Laufzeit: 2 Stunde(n), 53 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\***\AppData\Local\Zylom Games\Fishdom - Seasons Under the Sea Deluxe\Fishdom.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Local\Zylom Games\Fishdom - Spooky Splash Deluxe\fishdomspookysplash.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Local\Zylom Games\Fishdom 2 Deluxe\Fishdom.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Dann habe ich defogger heruntergeladen und ausgeführt. Es kam keine Fehlermeldung. Heute habe ich OTL runtergeladen und dies sind die Text-Dateien: OTL-Txt: OTL logfile created on: 02.04.2013 14:56:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rike\Downloads Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,92% Memory free 4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,05 Gb Total Space | 84,50 Gb Free Space | 56,69% Space Free | Partition Type: NTFS Drive D: | 146,00 Gb Total Space | 72,55 Gb Free Space | 49,69% Space Free | Partition Type: NTFS Computer Name: RIKE-PC | User Name: Rike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.02 14:55:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rike\Downloads\OTL.exe PRC - [2013.03.12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Online Games Manager\ogmservice.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.18 12:02:43 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.12.01 00:22:45 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012.11.13 14:40:53 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\Bin\IncMail.exe PRC - [2012.11.13 14:40:53 | 000,264,176 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\Bin\ImApp.exe PRC - [2012.06.06 09:15:30 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2011.09.09 17:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe PRC - [2011.09.09 16:49:30 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2007.05.09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe ========== Modules (No Company Name) ========== MOD - [2012.11.13 14:40:54 | 000,108,448 | ---- | M] () -- C:\Programme\IncrediMail\Bin\PMC.dll MOD - [2012.11.13 14:40:54 | 000,071,664 | ---- | M] () -- C:\Programme\IncrediMail\Bin\wlessfp1.dll MOD - [2012.11.13 14:40:53 | 000,268,272 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImLookExU.dll MOD - [2012.11.13 14:40:53 | 000,133,104 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImComUtlU.dll MOD - [2012.11.13 14:40:53 | 000,079,856 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImAppRU.dll MOD - [2012.11.13 14:40:53 | 000,032,680 | ---- | M] () -- C:\Programme\IncrediMail\Bin\IMHttpComm.dll MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ========== Services (SafeList) ========== SRV - [2013.03.12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Programme\Online Games Manager\ogmservice.exe -- (ogmservice) SRV - [2013.03.08 14:56:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.01 00:22:45 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.06 09:15:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.12.01 00:29:09 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.12.01 00:29:09 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.09.19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2012.05.11 07:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.12.30 13:20:26 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2010.12.30 13:20:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2010.12.30 13:20:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.12.30 13:20:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.12.30 13:20:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010.12.30 13:19:46 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2009.06.16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.09.26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.03.05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1eyo1G8uA54 IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.ebay.de" FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1a362281000000000000001dd9eb4d47&tlver=1.4.31.2&instlRef=&ss=1&affID=100365&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.15 13:35:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.18 12:04:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:56:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.15 00:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Extensions [2013.01.03 17:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Firefox\Profiles\15samsl2.default\extensions [2012.01.09 21:31:05 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Rike\AppData\Roaming\mozilla\Firefox\Profiles\15samsl2.default\extensions\ffxtlbr@babylon.com [2013.03.08 14:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 14:56:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.20 19:54:46 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2012.12.18 12:04:47 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2013.03.08 14:56:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.18 14:36:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 11:16:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.18 14:36:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.18 14:36:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.18 14:36:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.18 14:36:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Web Assistant = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.457_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR - Extension: RealDownloader = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Skype Extension = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\ CHR - Extension: Anti-Banner = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Programme\IncrediMail\Bin\resources\WebMenuImg.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11BBDDAA-5B74-42EB-A6F3-D0D567C18A91}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0AFF43A-621A-46FD-82F1-8ACF19E8B160}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Rike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Rike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.02 12:04:25 | 000,000,000 | ---D | C] -- C:\a1c184cb90d61239a326 [2013.03.27 00:50:16 | 000,000,000 | ---D | C] -- C:\Users\Rike\Documents\Schulter [2013.03.26 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\Malwarebytes [2013.03.26 23:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.26 23:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.26 23:36:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.26 23:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.10 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\GameHouse [2013.03.08 14:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.04.02 14:49:32 | 000,000,000 | ---- | M] () -- C:\Users\Rike\defogger_reenable [2013.04.02 14:24:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.02 14:00:17 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.04.02 14:00:15 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.04.02 14:00:15 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.02 14:00:15 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.02 14:00:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.02 12:00:57 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.02 12:00:57 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.02 12:00:57 | 000,126,510 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.02 12:00:57 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.02 11:53:25 | 000,001,773 | ---- | M] () -- C:\Users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2013.04.02 11:53:14 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.02 11:52:46 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys [2013.04.02 01:49:13 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.04.01 19:26:26 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.26 23:36:48 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.17 15:28:09 | 286,760,927 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.13 11:40:27 | 000,019,456 | ---- | M] () -- C:\Users\Rike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2013.04.02 14:49:32 | 000,000,000 | ---- | C] () -- C:\Users\Rike\defogger_reenable [2013.03.26 23:36:48 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.10 22:26:35 | 000,001,502 | ---- | C] () -- C:\Users\Rike\.recently-used.xbel [2012.11.28 14:47:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.11.14 20:58:29 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2012.11.14 20:57:47 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.12.05 22:33:48 | 000,017,408 | ---- | C] () -- C:\Users\Rike\AppData\Local\WebpageIcons.db [2011.07.19 14:25:38 | 000,166,605 | ---- | C] () -- C:\Windows\hpoins21.dat.temp [2011.07.19 14:25:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp [2011.07.17 14:01:18 | 000,019,456 | ---- | C] () -- C:\Users\Rike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.16 01:41:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.07.16 01:33:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.07.16 01:33:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.07.16 01:31:12 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.07.15 23:35:54 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2011.07.14 23:37:54 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.07.14 23:37:17 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.07.14 22:30:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.07.14 22:14:22 | 000,186,464 | ---- | C] () -- C:\Windows\hpoins21.dat [2011.07.14 22:14:22 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat [2011.07.14 21:46:25 | 000,000,680 | ---- | C] () -- C:\Users\Rike\AppData\Local\d3d9caps.dat [2011.07.14 21:31:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat ========== ZeroAccess Check ========== [2006.11.02 14:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.22 01:18:24 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Amazon [2013.01.14 21:42:12 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Audacity [2011.07.19 22:21:44 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Babylon [2012.11.22 21:39:56 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\calibre [2012.12.10 22:28:39 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\gtk-2.0 [2012.11.14 20:58:59 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\MAGIX [2012.07.01 14:34:50 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Nokia [2012.07.01 14:34:51 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Nokia Suite [2012.06.28 00:36:16 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\PC Suite [2013.01.02 23:52:36 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\PhotoScape [2012.11.15 13:31:12 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Playrix Entertainment [2011.07.27 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\SmartTools [2013.01.03 17:22:47 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\UDC Profiles [2012.08.30 10:50:01 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Vodafone [2012.11.15 13:30:46 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Zylom ========== Purity Check ========== < End of report > Hier die Extra.Txt: OTL Extras logfile created on: 02.04.2013 14:56:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rike\Downloads Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,92% Memory free 4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,05 Gb Total Space | 84,50 Gb Free Space | 56,69% Space Free | Partition Type: NTFS Drive D: | 146,00 Gb Total Space | 72,55 Gb Free Space | 49,69% Space Free | Partition Type: NTFS Computer Name: RIKE-PC | User Name: Rike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{190C6300-2B84-431F-9BC8-7698FF62CC9B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{30593774-0A21-4EED-A2AD-6243660C0251}" = lport=138 | protocol=17 | dir=in | app=system | "{37C66F52-CFB7-44B2-B0F8-A06A399E0618}" = rport=445 | protocol=6 | dir=out | app=system | "{443DE31E-C10D-4F5E-86C0-C855341360F7}" = rport=10243 | protocol=6 | dir=out | app=system | "{4523FEB0-2BB1-4897-8435-47B53C63408C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4F488A2A-1E0D-4161-9A38-F37BF58138C7}" = lport=2869 | protocol=6 | dir=in | app=system | "{552A8218-30C8-442D-9B27-CAFF9B93A5C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{606B6052-6D86-4BB5-986E-2256805BE253}" = lport=139 | protocol=6 | dir=in | app=system | "{6A1803E3-E309-4ADE-998B-20EB7B413F5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6A32A5AF-AC80-4B42-8FF4-70C8EE509BAB}" = lport=445 | protocol=6 | dir=in | app=system | "{6F914B4B-C1B9-444E-AF29-20AD20250911}" = rport=137 | protocol=17 | dir=out | app=system | "{8B68A314-BDC5-4721-81DD-F4F448A9BE4D}" = rport=138 | protocol=17 | dir=out | app=system | "{944CF942-4F0B-4B81-B184-94128001AAF9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9CA35107-09C4-4BCA-AA7B-EF75457585B4}" = lport=137 | protocol=17 | dir=in | app=system | "{B1EC4F16-A75A-48DC-A3E6-449D3D4F1C85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8F563B5-579E-4346-B2C8-88E192863C9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C001F7C1-B0B8-4F23-A081-E96DF64BE742}" = rport=139 | protocol=6 | dir=out | app=system | "{CF046FEF-8E66-4060-BE76-B5B437DF995F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D9EB97BE-DE73-4B80-AB22-FAC1952F6178}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DB62EC5B-D0FB-4A91-9CA8-0DE95301898F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EB1F3FB4-597E-431E-846B-0017BB25F09A}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2417A877-E097-4780-A186-A24783E1D35A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{29A48A1D-266D-40E0-8C03-EDAC804CE370}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{38931EE1-1C16-4CA2-B74D-3336893EC8C9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{3AB1BC49-5E58-4048-A1B3-9CF21EBE99CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3B195ADD-1B8A-4078-AF8B-36542166C4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{59F6A49A-0FAE-4AAF-8322-32B6D31FF195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5F664BC8-AD26-464B-8262-076A761B0B1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{649159D1-C543-4F01-9BB2-9445B2127B10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{65504B95-5929-4BF1-A551-02E155761738}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | "{6EDD0956-35DC-49FD-B4E4-03D0CE7A91B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{89CA40B8-4122-46F5-92BD-CE9263FF5A13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8F9029AD-8037-4D3D-98C0-C397E0758EE4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{93FB8B41-EC61-4EFC-8E1E-9C2216559BEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9D2AF647-7E94-4EA1-8DAA-A0E935E61E34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A029A707-4125-4740-869B-87F8B021B7A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B244666D-8306-4D82-A879-32AC324B0646}" = protocol=6 | dir=out | app=system | "{B84AF35E-9A78-4A42-85B6-FC6EE10AD748}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | "{C277BD8C-4892-4A6A-B200-EB0881370DEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C4BBDBF9-46B5-4AC4-AA43-30D1E7C23142}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D3C78871-D0CB-4E9F-BA47-1400E74DF0DB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D6F2201A-EE22-40C2-85CA-78419CF85425}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FF30DD1D-F18D-47B2-97E3-96DBC1898B9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2 "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.457 "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2 "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98D64F70-1BE2-4E06-A58E-50FF642B3F24}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "5e705002f617ebf70b75dc63e088477e" = MahJongg Mystery Deluxe "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Audacity_is1" = Audacity 2.0.2 "BabylonToolbar" = Babylon toolbar on IE "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "Das Rettungsteam" = Das Rettungsteam "DSGPlayer" = RTL GAME CENTER "fd31db37f368bf575c9eb3d51ef0b9a4" = Bejeweled(R) 3 "Free YouTube Downloader Converter" = Free YouTube Downloader Converter "Google Chrome" = Google Chrome "Green Valley" = Green Valley "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "HPOCR" = OCR Software by I.R.I.S. 10.0 "IncrediMail" = IncrediMail 2.0 "IncrediMail_MediaBar_Deutsch_2 Toolbar" = IncrediMail MediaBar Deutsch 2 Toolbar "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Online Games Manager" = Online Games Manager v1.20 "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PhotoScape" = PhotoScape "RealPlayer 16.0" = RealPlayer "Shop for HP Supplies" = Shop for HP Supplies "SmartToolsSchriftart-Assistentv3.50" = SmartTools Publishing • Word Schriftart-Assistent "UltSounds" = Windows-Soundschemas "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ "UnderCoverXP_is1" = UnderCoverXP 1.23 "Universal Document Converter_is1" = Universal Document Converter (Demo) "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Fishdom - Seasons Under the Sea Deluxe" = Fishdom - Seasons Under the Sea Deluxe "Fishdom - Spooky Splash Deluxe" = Fishdom - Spooky Splash Deluxe "Fishdom 2 Deluxe" = Fishdom 2 Deluxe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013 Description = Error - 01.01.2013 17:49:05 | Computer Name = Rike-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 01.01.2013 17:49:05 | Computer Name = Rike-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 01.04.2013 14:08:43 | Computer Name = Rike-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 01.04.2013 15:56:08 | Computer Name = Rike-PC | Source = DCOM | ID = 10010 Description = Error - 01.04.2013 18:09:03 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.04.2013 18:09:07 | Computer Name = Rike-PC | Source = DCOM | ID = 10016 Description = Error - 01.04.2013 18:09:13 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7022 Description = Error - 01.04.2013 19:47:52 | Computer Name = Rike-PC | Source = DCOM | ID = 10010 Description = Error - 02.04.2013 05:54:17 | Computer Name = Rike-PC | Source = DCOM | ID = 10016 Description = Error - 02.04.2013 05:54:19 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.04.2013 05:54:38 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7022 Description = Error - 02.04.2013 08:00:03 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7011 Description = < End of report > Dann habe ich noch GMER runtergeladen. Hier das Ergebnis: GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-04-02 16:33:15 Windows 6.0.6002 Service Pack 2 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHY2160BH rev.0085000B 149,05GB Running: gmer_2.1.19155.exe; Driver: C:\Users\Rike\AppData\Local\Temp\kxldrpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x90884208] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x90837FB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x90838300] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x90838746] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x9082091E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x90837C92] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x90820E96] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x90820D7C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x90838164] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x90887072] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x90820FB6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x90848130] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x9088650A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x90838232] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x90886054] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x90820962] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x9088434A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x90883FB2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x90848170] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x90836422] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x90820F2C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x90820E0C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x90885BFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9088731E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x9082104C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x90886266] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x90848140] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x908210D6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x90836630] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x90886D20] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x9083852A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x908383B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x9083846E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x9083859A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x90886A4C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x90837E20] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x90886BA8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x90821178] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x908840BC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x90885D9C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x908868F4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x9082118A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x90885EFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x90886406] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x90887486] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x908871B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x9088674A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x908861AE] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 844F37DC 4 Bytes [08, 42, 88, 90] {OR [EDX-0x78], AL; NOP } .text ntkrnlpa.exe!KeSetEvent + 13D 844F3800 8 Bytes [B8, 7F, 83, 90, 00, 83, 83, ...] .text ntkrnlpa.exe!KeSetEvent + 181 844F3844 4 Bytes [46, 87, 83, 90] .text ntkrnlpa.exe!KeSetEvent + 1A9 844F386C 4 Bytes [1E, 09, 82, 90] .text ntkrnlpa.exe!KeSetEvent + 1C1 844F3884 4 Bytes [92, 7C, 83, 90] {XCHG EDX, EAX; JL 0xffffff86; NOP } .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3380] kernel32.dll!SetUnhandledExceptionFilter 75FCA8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb4d47 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@80501bfa8c65 0x9B 0xA6 0x1B 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@58c38be9c4a7 0x0F 0xEB 0xE5 0x0F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@0021aa7c4927 0x0E 0x59 0x94 0xC0 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb4d47 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@80501bfa8c65 0x9B 0xA6 0x1B 0xE9 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@58c38be9c4a7 0x0F 0xEB 0xE5 0x0F ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@0021aa7c4927 0x0E 0x59 0x94 0xC0 ... ---- EOF - GMER 2.1 ---- Ich weiß nicht, ob ich das alles richtig gemacht habe und ob ihr noch irgendetwas von mir benötigt. Jedenfalls wäre ich sehr dankbar, wenn ihr mir helfen könnt. Ich bin vermutlich erst wieder morgen am späten Abend an meinem Rechner. Also nicht wundern, wenn ich nicht sofort antworte. Vorerst schon einmal Danke. Herzliche Grüße witchy |
04.04.2013, 11:30 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mail delivery failed Emails - vermutlich Maleware Problem Hallo und
__________________Zitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
04.04.2013, 13:50 | #3 | |||
| Mail delivery failed Emails - vermutlich Maleware ProblemZitat:
Tja das ist eine gute Frage. Ich glaube ich geh gleich zur nächsten. Scherz beiseite! Ich habe den Laptop als Geschenk (neu) von meinem Bruder zu Weihnachten 200? bekommen und mir nie die Frage gestellt warum da Ultimate drauf ist. Er hat in der letzten Zeit immer gesagt, dass ich doch mal Windows 7 drüber spielen soll, aber da sollte ich ihn vielleicht vorher platt machen, oder? Ich bin reiner Heimanwender mit diesem Rechner. Zitat:
Malwarebytes hat das noch ausgespuckt: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.26.14 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Rike :: RIKE-PC [Administrator] 26.03.2013 22:38:53 mbam-log-2013-03-26 (22-38-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205087 Laufzeit: 23 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Rike\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Die Log-Dateien vom Kaspersky finde ich nicht. Ich hänge mal die Seite mit dem "Bericht" an. Wenn du die Log-Dateien dazu benötigst, dann musst du mir bitte erklären wie und wo ich die finde. Danke! Zitat:
Sorry nochmal dass ich nicht alles gepostet habe. Ich hoffe, dass ich jetzt alles richtig gemacht habe oder hätte ich die Logdatei nicht so wie oben reinkopieren dürfen? |
04.04.2013, 16:11 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mail delivery failed Emails - vermutlich Maleware Problem Hm, da frag ich mich wo deiner Bruder diese Ultimate Edition her hat. Weiß du das? Wenn nicht frag ihn mal bei Gelegenheit Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
04.04.2013, 23:42 | #5 | |
| Mail delivery failed Emails - vermutlich Maleware ProblemZitat:
ich habe meinen Bruder gefragt. Dazu solltest du vielleicht wissen was für einen Laptop ich habe. Es ist ein DELL Inspirion 1720. Vielleicht erklärt sich mein Ultimate ja jetzt besser? Jedenfalls hat mein Bruder diesen bei DELL bestellt und er dachte, dass er für mich etwas "Besseres" aussucht als die Standard-Vista-Version und deswegen Ultimate genommen. Das konnte man "so anklicken" hat er gesagt. Da ist auch alles Originalware, weil ich schon einmal eine kaputte Festplatte hatte und dies während der Garantiezeit ausgetauscht wurde. So jetzt zu den Logfiles! Dies ist der von Malwarebytes Anti-Rootkit: Der Erste: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022 www.malwarebytes.org Database version: v2013.04.04.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Rike :: RIKE-PC [administrator] 04.04.2013 21:19:34 mbar-log-2013-04-04 (21-19-34).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26543 Time elapsed: 37 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022 www.malwarebytes.org Database version: v2013.04.04.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Rike :: RIKE-PC [administrator] 04.04.2013 22:06:28 mbar-log-2013-04-04 (22-06-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26505 Time elapsed: 36 minute(s), 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-04 22:35:47 ----------------------------- 22:35:47.734 OS Version: Windows 6.0.6002 Service Pack 2 22:35:47.734 Number of processors: 2 586 0xF0D 22:35:47.749 ComputerName: RIKE-PC UserName: Rike 22:36:01.384 Initialize success 22:36:38.964 The log file has been saved successfully to "C:\Users\Rike\Desktop\aswMBR.txt" aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-04 22:38:30 ----------------------------- 22:38:30.726 OS Version: Windows 6.0.6002 Service Pack 2 22:38:30.726 Number of processors: 2 586 0xF0D 22:38:30.726 ComputerName: RIKE-PC UserName: Rike 22:38:32.645 Initialize success 22:39:04.001 AVAST engine defs: 13040401 22:39:07.464 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 22:39:07.480 Disk 0 Vendor: SAMSUNG_HM160HI HH100-11 Size: 152627MB BusType: 3 22:39:07.480 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 22:39:07.495 Disk 1 Vendor: FUJITSU_MHY2160BH 0085000B Size: 152627MB BusType: 3 22:39:08.088 Disk 1 MBR read successfully 22:39:08.104 Disk 1 MBR scan 22:39:08.150 Disk 1 Windows VISTA default MBR code 22:39:08.166 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 152625 MB offset 2048 22:39:08.182 Disk 1 scanning sectors +312578048 22:39:09.040 Disk 1 scanning C:\Windows\system32\drivers 22:39:49.007 Service scanning 22:40:08.366 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 22:40:09.271 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5 22:40:10.036 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5 22:40:10.160 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5 22:40:10.379 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5 22:40:10.519 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5 22:40:40.440 Modules scanning 22:41:31.280 Disk 1 trace - called modules: 22:41:31.358 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 22:41:31.374 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x885feac8] 22:41:31.390 3 CLASSPNP.SYS[85fce8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x87e6db98] 22:41:32.700 AVAST engine scan C:\Windows 22:41:42.450 AVAST engine scan C:\Windows\system32 22:47:52.451 AVAST engine scan C:\Windows\system32\drivers 22:48:23.120 AVAST engine scan C:\Users\Rike 23:41:35.894 AVAST engine scan C:\ProgramData 23:49:39.136 Scan finished successfully 23:50:09.025 Disk 1 MBR has been saved successfully to "C:\Users\Rike\Desktop\MBR.dat" 23:50:09.056 The log file has been saved successfully to "C:\Users\Rike\Desktop\aswMBR.txt" aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-04 22:38:30 ----------------------------- 22:38:30.726 OS Version: Windows 6.0.6002 Service Pack 2 22:38:30.726 Number of processors: 2 586 0xF0D 22:38:30.726 ComputerName: RIKE-PC UserName: Rike 22:38:32.645 Initialize success 22:39:04.001 AVAST engine defs: 13040401 22:39:07.464 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 22:39:07.480 Disk 0 Vendor: SAMSUNG_HM160HI HH100-11 Size: 152627MB BusType: 3 22:39:07.480 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 22:39:07.495 Disk 1 Vendor: FUJITSU_MHY2160BH 0085000B Size: 152627MB BusType: 3 22:39:08.088 Disk 1 MBR read successfully 22:39:08.104 Disk 1 MBR scan 22:39:08.150 Disk 1 Windows VISTA default MBR code 22:39:08.166 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 152625 MB offset 2048 22:39:08.182 Disk 1 scanning sectors +312578048 22:39:09.040 Disk 1 scanning C:\Windows\system32\drivers 22:39:49.007 Service scanning 22:40:08.366 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 22:40:09.271 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5 22:40:10.036 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5 22:40:10.160 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5 22:40:10.379 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5 22:40:10.519 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5 22:40:40.440 Modules scanning 22:41:31.280 Disk 1 trace - called modules: 22:41:31.358 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 22:41:31.374 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x885feac8] 22:41:31.390 3 CLASSPNP.SYS[85fce8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x87e6db98] 22:41:32.700 AVAST engine scan C:\Windows 22:41:42.450 AVAST engine scan C:\Windows\system32 22:47:52.451 AVAST engine scan C:\Windows\system32\drivers 22:48:23.120 AVAST engine scan C:\Users\Rike 23:41:35.894 AVAST engine scan C:\ProgramData 23:49:39.136 Scan finished successfully 23:50:09.025 Disk 1 MBR has been saved successfully to "C:\Users\Rike\Desktop\MBR.dat" 23:50:09.056 The log file has been saved successfully to "C:\Users\Rike\Desktop\aswMBR.txt" 23:51:20.184 Disk 1 MBR has been saved successfully to "C:\Users\Rike\Desktop\MBR.dat" 23:51:20.199 The log file has been saved successfully to "C:\Users\Rike\Desktop\aswMBR.txt" So und dies ist der Logfile vom TDDSKiller: Code:
ATTFilter 23:58:43.0686 2692 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 23:58:44.0060 2692 ============================================================ 23:58:44.0060 2692 Current date / time: 2013/04/04 23:58:44.0060 23:58:44.0060 2692 SystemInfo: 23:58:44.0060 2692 23:58:44.0060 2692 OS Version: 6.0.6002 ServicePack: 2.0 23:58:44.0060 2692 Product type: Workstation 23:58:44.0060 2692 ComputerName: RIKE-PC 23:58:44.0060 2692 UserName: Rike 23:58:44.0060 2692 Windows directory: C:\Windows 23:58:44.0060 2692 System windows directory: C:\Windows 23:58:44.0060 2692 Processor architecture: Intel x86 23:58:44.0060 2692 Number of processors: 2 23:58:44.0060 2692 Page size: 0x1000 23:58:44.0060 2692 Boot type: Normal boot 23:58:44.0060 2692 ============================================================ 23:58:55.0105 2692 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:58:55.0136 2692 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:58:55.0214 2692 ============================================================ 23:58:55.0214 2692 \Device\Harddisk0\DR0: 23:58:55.0230 2692 MBR partitions: 23:58:55.0230 2692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x123FFAB3 23:58:55.0308 2692 \Device\Harddisk1\DR1: 23:58:55.0355 2692 MBR partitions: 23:58:55.0355 2692 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800 23:58:55.0355 2692 ============================================================ 23:58:55.0417 2692 C: <-> \Device\Harddisk1\DR1\Partition1 23:58:55.0464 2692 D: <-> \Device\Harddisk0\DR0\Partition1 23:58:55.0464 2692 ============================================================ 23:58:55.0464 2692 Initialize success 23:58:55.0464 2692 ============================================================ 23:59:04.0044 2768 ============================================================ 23:59:04.0044 2768 Scan started 23:59:04.0044 2768 Mode: Manual; SigCheck; TDLFS; 23:59:04.0044 2768 ============================================================ 23:59:06.0790 2768 ================ Scan system memory ======================== 23:59:06.0790 2768 System memory - ok 23:59:06.0790 2768 ================ Scan services ============================= 23:59:07.0991 2768 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 23:59:08.0474 2768 ACPI - ok 23:59:08.0662 2768 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 23:59:08.0708 2768 AdobeARMservice - ok 23:59:08.0864 2768 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 23:59:08.0989 2768 adp94xx - ok 23:59:09.0083 2768 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 23:59:09.0145 2768 adpahci - ok 23:59:09.0239 2768 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 23:59:09.0286 2768 adpu160m - ok 23:59:09.0332 2768 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 23:59:09.0379 2768 adpu320 - ok 23:59:09.0535 2768 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:59:10.0237 2768 AeLookupSvc - ok 23:59:10.0393 2768 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 23:59:10.0518 2768 AFD - ok 23:59:10.0658 2768 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:59:10.0705 2768 agp440 - ok 23:59:10.0768 2768 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 23:59:10.0799 2768 aic78xx - ok 23:59:10.0892 2768 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 23:59:11.0142 2768 ALG - ok 23:59:11.0189 2768 [ 3A99CB23A2D326FD532618705D6E3048 ] aliide C:\Windows\system32\drivers\aliide.sys 23:59:11.0236 2768 aliide - ok 23:59:11.0329 2768 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 23:59:11.0392 2768 amdagp - ok 23:59:11.0516 2768 [ 4333C133DBD71C7D7FE4FB1B83F9EE3E ] amdide C:\Windows\system32\drivers\amdide.sys 23:59:11.0594 2768 amdide - ok 23:59:11.0719 2768 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 23:59:12.0312 2768 AmdK7 - ok 23:59:12.0359 2768 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 23:59:12.0593 2768 AmdK8 - ok 23:59:12.0749 2768 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 23:59:12.0905 2768 Appinfo - ok 23:59:13.0030 2768 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\Windows\System32\appmgmts.dll 23:59:13.0123 2768 AppMgmt - ok 23:59:13.0232 2768 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 23:59:13.0295 2768 arc - ok 23:59:13.0373 2768 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 23:59:13.0404 2768 arcsas - ok 23:59:13.0482 2768 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:59:13.0622 2768 AsyncMac - ok 23:59:13.0747 2768 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 23:59:13.0778 2768 atapi - ok 23:59:13.0950 2768 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:59:14.0106 2768 AudioEndpointBuilder - ok 23:59:14.0153 2768 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 23:59:14.0231 2768 Audiosrv - ok 23:59:14.0278 2768 AVP - ok 23:59:14.0356 2768 [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys 23:59:14.0496 2768 bcm4sbxp - ok 23:59:14.0605 2768 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 23:59:14.0699 2768 Beep - ok 23:59:14.0792 2768 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 23:59:14.0964 2768 BFE - ok 23:59:15.0104 2768 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 23:59:15.0276 2768 BITS - ok 23:59:15.0307 2768 blbdrive - ok 23:59:15.0354 2768 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:59:15.0479 2768 bowser - ok 23:59:15.0557 2768 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 23:59:15.0619 2768 BrFiltLo - ok 23:59:15.0650 2768 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 23:59:15.0728 2768 BrFiltUp - ok 23:59:15.0916 2768 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 23:59:16.0040 2768 Browser - ok 23:59:16.0118 2768 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 23:59:16.0274 2768 Brserid - ok 23:59:16.0321 2768 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 23:59:16.0493 2768 BrSerWdm - ok 23:59:16.0540 2768 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 23:59:16.0727 2768 BrUsbMdm - ok 23:59:16.0789 2768 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 23:59:16.0992 2768 BrUsbSer - ok 23:59:17.0070 2768 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 23:59:17.0179 2768 BthEnum - ok 23:59:17.0257 2768 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:59:17.0382 2768 BTHMODEM - ok 23:59:17.0522 2768 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 23:59:17.0647 2768 BthPan - ok 23:59:17.0772 2768 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 23:59:17.0912 2768 BTHPORT - ok 23:59:17.0975 2768 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll 23:59:18.0084 2768 BthServ - ok 23:59:18.0115 2768 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 23:59:18.0178 2768 BTHUSB - ok 23:59:18.0256 2768 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:59:18.0365 2768 cdfs - ok 23:59:18.0443 2768 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:59:18.0583 2768 cdrom - ok 23:59:18.0677 2768 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 23:59:18.0802 2768 CertPropSvc - ok 23:59:18.0911 2768 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 23:59:19.0082 2768 circlass - ok 23:59:19.0145 2768 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 23:59:19.0223 2768 CLFS - ok 23:59:19.0535 2768 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:59:19.0597 2768 clr_optimization_v2.0.50727_32 - ok 23:59:19.0816 2768 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:59:19.0956 2768 clr_optimization_v4.0.30319_32 - ok 23:59:20.0034 2768 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:59:20.0174 2768 CmBatt - ok 23:59:20.0284 2768 [ DFB94A6FC3A26972B0461AB5F1D8272B ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:59:20.0346 2768 cmdide - ok 23:59:20.0440 2768 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:59:20.0502 2768 Compbatt - ok 23:59:20.0518 2768 COMSysApp - ok 23:59:20.0580 2768 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 23:59:20.0674 2768 crcdisk - ok 23:59:20.0705 2768 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 23:59:20.0845 2768 Crusoe - ok 23:59:20.0939 2768 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:59:21.0017 2768 CryptSvc - ok 23:59:21.0126 2768 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC C:\Windows\system32\drivers\csc.sys 23:59:21.0266 2768 CSC - ok 23:59:21.0422 2768 [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService C:\Windows\System32\cscsvc.dll 23:59:21.0532 2768 CscService - ok 23:59:21.0656 2768 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:59:21.0797 2768 DcomLaunch - ok 23:59:21.0906 2768 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:59:22.0046 2768 DfsC - ok 23:59:22.0468 2768 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 23:59:22.0780 2768 DFSR - ok 23:59:22.0889 2768 [ F9F31A9F2A8C0DD0CEB6E380BF0985D4 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 23:59:22.0951 2768 dg_ssudbus - ok 23:59:23.0076 2768 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 23:59:23.0154 2768 Dhcp - ok 23:59:23.0216 2768 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 23:59:23.0263 2768 disk - ok 23:59:23.0341 2768 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:59:23.0450 2768 Dnscache - ok 23:59:23.0544 2768 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 23:59:23.0669 2768 dot3svc - ok 23:59:23.0731 2768 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 23:59:23.0872 2768 DPS - ok 23:59:23.0965 2768 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:59:24.0043 2768 drmkaud - ok 23:59:24.0106 2768 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:59:24.0262 2768 DXGKrnl - ok 23:59:24.0355 2768 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 23:59:24.0527 2768 E1G60 - ok 23:59:24.0605 2768 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 23:59:24.0683 2768 EapHost - ok 23:59:24.0761 2768 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 23:59:24.0808 2768 Ecache - ok 23:59:25.0042 2768 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:59:25.0166 2768 ehRecvr - ok 23:59:25.0260 2768 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 23:59:25.0354 2768 ehSched - ok 23:59:25.0416 2768 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 23:59:25.0463 2768 ehstart - ok 23:59:25.0572 2768 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 23:59:25.0650 2768 elxstor - ok 23:59:25.0728 2768 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 23:59:25.0900 2768 EMDMgmt - ok 23:59:26.0056 2768 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 23:59:26.0149 2768 EventSystem - ok 23:59:26.0243 2768 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 23:59:26.0321 2768 exfat - ok 23:59:26.0399 2768 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:59:26.0492 2768 fastfat - ok 23:59:26.0648 2768 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\Windows\system32\fxssvc.exe 23:59:26.0773 2768 Fax - ok 23:59:26.0851 2768 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:59:27.0023 2768 fdc - ok 23:59:27.0101 2768 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 23:59:27.0194 2768 fdPHost - ok 23:59:27.0288 2768 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 23:59:27.0506 2768 FDResPub - ok 23:59:27.0569 2768 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:59:27.0616 2768 FileInfo - ok 23:59:27.0709 2768 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:59:27.0818 2768 Filetrace - ok 23:59:27.0912 2768 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:59:28.0099 2768 flpydisk - ok 23:59:28.0224 2768 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:59:28.0302 2768 FltMgr - ok 23:59:28.0442 2768 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 23:59:28.0864 2768 FontCache - ok 23:59:29.0020 2768 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 23:59:29.0082 2768 FontCache3.0.0.0 - ok 23:59:29.0129 2768 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:59:29.0238 2768 Fs_Rec - ok 23:59:29.0300 2768 [ FECF4C2E42440A8D132BF94EEE3C3FC9 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:59:29.0363 2768 fvevol - ok 23:59:29.0456 2768 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 23:59:29.0534 2768 gagp30kx - ok 23:59:29.0690 2768 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 23:59:29.0815 2768 gpsvc - ok 23:59:30.0018 2768 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 23:59:30.0049 2768 gupdate - ok 23:59:30.0065 2768 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 23:59:30.0143 2768 gupdatem - ok 23:59:30.0299 2768 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:59:30.0439 2768 HdAudAddService - ok 23:59:30.0751 2768 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 23:59:30.0938 2768 HDAudBus - ok 23:59:31.0110 2768 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 23:59:31.0313 2768 HidBth - ok 23:59:31.0344 2768 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 23:59:31.0500 2768 HidIr - ok 23:59:31.0531 2768 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 23:59:31.0609 2768 hidserv - ok 23:59:31.0672 2768 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:59:31.0765 2768 HidUsb - ok 23:59:31.0812 2768 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:59:31.0906 2768 hkmsvc - ok 23:59:31.0999 2768 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 23:59:32.0030 2768 HpCISSs - ok 23:59:32.0202 2768 [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 23:59:32.0249 2768 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 23:59:32.0249 2768 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 23:59:32.0327 2768 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 23:59:32.0374 2768 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 23:59:32.0374 2768 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 23:59:32.0436 2768 [ 75F122CDCA3C71BD09089F2CA824B796 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 23:59:32.0498 2768 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 23:59:32.0498 2768 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 23:59:32.0592 2768 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 23:59:32.0686 2768 HSFHWAZL - ok 23:59:32.0842 2768 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS 23:59:33.0013 2768 HSF_DPV - ok 23:59:33.0138 2768 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:59:33.0278 2768 HTTP - ok 23:59:33.0372 2768 [ 2F23ABA465B24A57E8664A124A53CC15 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 23:59:33.0497 2768 huawei_enumerator - ok 23:59:33.0559 2768 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 23:59:33.0668 2768 i2omp - ok 23:59:33.0746 2768 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:59:33.0856 2768 i8042prt - ok 23:59:33.0934 2768 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 23:59:34.0027 2768 iaStorV - ok 23:59:34.0308 2768 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:59:34.0511 2768 idsvc - ok 23:59:34.0558 2768 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 23:59:34.0604 2768 iirsp - ok 23:59:34.0714 2768 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 23:59:34.0823 2768 IKEEXT - ok 23:59:34.0963 2768 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 23:59:35.0041 2768 intelide - ok 23:59:35.0182 2768 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:59:35.0291 2768 intelppm - ok 23:59:35.0431 2768 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:59:35.0540 2768 IPBusEnum - ok 23:59:35.0603 2768 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:59:35.0712 2768 IpFilterDriver - ok 23:59:35.0759 2768 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:59:35.0868 2768 iphlpsvc - ok 23:59:35.0884 2768 IpInIp - ok 23:59:35.0977 2768 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 23:59:36.0133 2768 IPMIDRV - ok 23:59:36.0180 2768 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 23:59:36.0289 2768 IPNAT - ok 23:59:36.0336 2768 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:59:36.0461 2768 IRENUM - ok 23:59:36.0492 2768 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:59:36.0554 2768 isapnp - ok 23:59:36.0586 2768 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 23:59:36.0632 2768 iScsiPrt - ok 23:59:36.0710 2768 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 23:59:36.0742 2768 iteatapi - ok 23:59:36.0773 2768 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 23:59:36.0820 2768 iteraid - ok 23:59:36.0866 2768 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:59:36.0944 2768 kbdclass - ok 23:59:37.0007 2768 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:59:37.0100 2768 kbdhid - ok 23:59:37.0132 2768 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 23:59:37.0210 2768 KeyIso - ok 23:59:37.0303 2768 [ EA26CB00F83686856F2C79673C00C686 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys 23:59:37.0350 2768 KL1 - ok 23:59:37.0490 2768 [ FBC7F840F1118D358D2AFB8C1714B384 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 23:59:37.0600 2768 KLIF - ok 23:59:37.0709 2768 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 23:59:37.0740 2768 KLIM6 - ok 23:59:37.0849 2768 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 23:59:37.0943 2768 klkbdflt - ok 23:59:37.0990 2768 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 23:59:38.0036 2768 klmouflt - ok 23:59:38.0130 2768 [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 23:59:38.0177 2768 kltdi - ok 23:59:38.0239 2768 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\Windows\system32\DRIVERS\kneps.sys 23:59:38.0286 2768 kneps - ok 23:59:38.0380 2768 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:59:38.0458 2768 KSecDD - ok 23:59:38.0536 2768 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 23:59:38.0660 2768 KtmRm - ok 23:59:38.0723 2768 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 23:59:38.0816 2768 LanmanServer - ok 23:59:38.0894 2768 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:59:38.0988 2768 LanmanWorkstation - ok 23:59:39.0035 2768 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:59:39.0144 2768 lltdio - ok 23:59:39.0253 2768 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:59:39.0394 2768 lltdsvc - ok 23:59:39.0440 2768 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:59:39.0596 2768 lmhosts - ok 23:59:39.0659 2768 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 23:59:39.0706 2768 LSI_FC - ok 23:59:39.0737 2768 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 23:59:39.0784 2768 LSI_SAS - ok 23:59:39.0815 2768 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 23:59:39.0877 2768 LSI_SCSI - ok 23:59:39.0940 2768 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 23:59:40.0049 2768 luafv - ok 23:59:40.0111 2768 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:59:40.0252 2768 Mcx2Svc - ok 23:59:40.0283 2768 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 23:59:40.0314 2768 megasas - ok 23:59:40.0376 2768 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 23:59:40.0517 2768 MMCSS - ok 23:59:40.0579 2768 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 23:59:40.0688 2768 Modem - ok 23:59:40.0735 2768 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:59:40.0829 2768 monitor - ok 23:59:40.0876 2768 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:59:40.0922 2768 mouclass - ok 23:59:40.0985 2768 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:59:41.0063 2768 mouhid - ok 23:59:41.0125 2768 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 23:59:41.0172 2768 MountMgr - ok 23:59:41.0281 2768 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 23:59:41.0328 2768 MozillaMaintenance - ok 23:59:41.0390 2768 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 23:59:41.0453 2768 mpio - ok 23:59:41.0484 2768 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:59:41.0562 2768 mpsdrv - ok 23:59:41.0702 2768 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 23:59:41.0843 2768 MpsSvc - ok 23:59:41.0890 2768 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 23:59:41.0936 2768 Mraid35x - ok 23:59:41.0999 2768 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:59:42.0092 2768 MRxDAV - ok 23:59:42.0139 2768 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:59:42.0233 2768 mrxsmb - ok 23:59:42.0295 2768 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:59:42.0373 2768 mrxsmb10 - ok 23:59:42.0389 2768 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:59:42.0482 2768 mrxsmb20 - ok 23:59:42.0560 2768 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 23:59:42.0623 2768 msahci - ok 23:59:42.0685 2768 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:59:42.0748 2768 msdsm - ok 23:59:42.0779 2768 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 23:59:42.0888 2768 MSDTC - ok 23:59:42.0950 2768 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:59:43.0044 2768 Msfs - ok 23:59:43.0138 2768 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:59:43.0184 2768 msisadrv - ok 23:59:43.0216 2768 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:59:43.0325 2768 MSiSCSI - ok 23:59:43.0340 2768 msiserver - ok 23:59:43.0418 2768 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:59:43.0512 2768 MSKSSRV - ok 23:59:43.0543 2768 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:59:43.0637 2768 MSPCLOCK - ok 23:59:43.0699 2768 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:59:43.0777 2768 MSPQM - ok 23:59:43.0855 2768 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:59:43.0902 2768 MsRPC - ok 23:59:43.0980 2768 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:59:44.0042 2768 mssmbios - ok 23:59:44.0089 2768 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:59:44.0198 2768 MSTEE - ok 23:59:44.0214 2768 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 23:59:44.0292 2768 Mup - ok 23:59:44.0354 2768 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 23:59:44.0510 2768 napagent - ok 23:59:44.0557 2768 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:59:44.0666 2768 NativeWifiP - ok 23:59:44.0791 2768 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:59:44.0885 2768 NDIS - ok 23:59:44.0963 2768 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:59:45.0025 2768 NdisTapi - ok 23:59:45.0072 2768 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:59:45.0181 2768 Ndisuio - ok 23:59:45.0244 2768 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:59:45.0322 2768 NdisWan - ok 23:59:45.0368 2768 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:59:45.0478 2768 NDProxy - ok 23:59:45.0540 2768 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 23:59:45.0602 2768 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:59:45.0602 2768 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:59:45.0634 2768 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:59:45.0712 2768 NetBIOS - ok 23:59:45.0758 2768 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 23:59:45.0868 2768 netbt - ok 23:59:45.0883 2768 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 23:59:45.0946 2768 Netlogon - ok 23:59:46.0070 2768 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 23:59:46.0180 2768 Netman - ok 23:59:46.0258 2768 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 23:59:46.0367 2768 netprofm - ok 23:59:46.0429 2768 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:59:46.0523 2768 NetTcpPortSharing - ok 23:59:46.0726 2768 [ A15F219208843A5A210C8CB391384453 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 23:59:47.0038 2768 NETw3v32 - ok 23:59:47.0490 2768 [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys 23:59:47.0818 2768 NETw4v32 - ok 23:59:47.0896 2768 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 23:59:47.0958 2768 nfrd960 - ok 23:59:48.0020 2768 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:59:48.0130 2768 NlaSvc - ok 23:59:48.0239 2768 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys 23:59:48.0364 2768 nmwcd - ok 23:59:48.0473 2768 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:59:48.0566 2768 Npfs - ok 23:59:48.0660 2768 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 23:59:48.0754 2768 nsi - ok 23:59:48.0910 2768 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:59:49.0019 2768 nsiproxy - ok 23:59:49.0222 2768 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:59:49.0393 2768 Ntfs - ok 23:59:49.0424 2768 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 23:59:49.0549 2768 ntrigdigi - ok 23:59:49.0612 2768 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 23:59:49.0768 2768 Null - ok 23:59:50.0860 2768 [ 8FE5350FA6A9F0B6633AEE811C468954 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 23:59:51.0655 2768 nvlddmkm - ok 23:59:51.0702 2768 [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:59:51.0874 2768 nvraid - ok 23:59:51.0920 2768 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:59:51.0983 2768 nvstor - ok 23:59:52.0030 2768 [ DED8F2C0070478F13C37F7BD849B83FA ] nvsvc C:\Windows\system32\nvvsvc.exe 23:59:52.0076 2768 nvsvc - ok 23:59:52.0139 2768 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:59:52.0186 2768 nv_agp - ok 23:59:52.0186 2768 NwlnkFlt - ok 23:59:52.0201 2768 NwlnkFwd - ok 23:59:52.0279 2768 [ 19CAC780B858822055F46C58A111723C ] OEM02Dev C:\Windows\system32\DRIVERS\OEM02Dev.sys 23:59:52.0388 2768 OEM02Dev - ok 23:59:52.0420 2768 [ 86326062A90494BDD79CE383511D7D69 ] OEM02Vfx C:\Windows\system32\DRIVERS\OEM02Vfx.sys 23:59:52.0466 2768 OEM02Vfx - ok 23:59:52.0576 2768 [ F0F6BEE889236BB6D6A94560D7EEA2AC ] ogmservice C:\Program Files\Online Games Manager\ogmservice.exe 23:59:52.0669 2768 ogmservice - ok 23:59:52.0778 2768 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 23:59:52.0841 2768 ohci1394 - ok 23:59:52.0903 2768 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 23:59:53.0044 2768 p2pimsvc - ok 23:59:53.0090 2768 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 23:59:53.0153 2768 p2psvc - ok 23:59:53.0215 2768 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 23:59:53.0371 2768 Parport - ok 23:59:53.0418 2768 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:59:53.0465 2768 partmgr - ok 23:59:53.0496 2768 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 23:59:53.0652 2768 Parvdm - ok 23:59:53.0699 2768 PCASp50 - ok 23:59:53.0808 2768 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 23:59:53.0902 2768 PcaSvc - ok 23:59:54.0058 2768 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys 23:59:54.0167 2768 pccsmcfd - ok 23:59:54.0214 2768 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 23:59:54.0276 2768 pci - ok 23:59:54.0323 2768 [ 20B869152448F80AC49CF10264E91F5E ] pciide C:\Windows\system32\drivers\pciide.sys 23:59:54.0354 2768 pciide - ok 23:59:54.0416 2768 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 23:59:54.0463 2768 pcmcia - ok 23:59:54.0557 2768 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:59:54.0806 2768 PEAUTH - ok 23:59:54.0916 2768 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 23:59:55.0196 2768 pla - ok 23:59:55.0243 2768 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:59:55.0337 2768 PlugPlay - ok 23:59:55.0430 2768 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 23:59:55.0493 2768 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:59:55.0493 2768 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:59:55.0540 2768 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 23:59:55.0602 2768 PNRPAutoReg - ok 23:59:55.0664 2768 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 23:59:55.0742 2768 PNRPsvc - ok 23:59:55.0805 2768 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:59:55.0898 2768 PolicyAgent - ok 23:59:55.0992 2768 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:59:56.0132 2768 PptpMiniport - ok 23:59:56.0179 2768 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 23:59:56.0304 2768 Processor - ok 23:59:56.0335 2768 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 23:59:56.0444 2768 ProfSvc - ok 23:59:56.0476 2768 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 23:59:56.0522 2768 ProtectedStorage - ok 23:59:56.0569 2768 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 23:59:56.0663 2768 PSched - ok 23:59:56.0756 2768 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 23:59:56.0866 2768 ql2300 - ok 23:59:56.0897 2768 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 23:59:56.0944 2768 ql40xx - ok 23:59:57.0006 2768 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 23:59:57.0115 2768 QWAVE - ok 23:59:57.0162 2768 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:59:57.0209 2768 QWAVEdrv - ok 23:59:57.0256 2768 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:59:57.0349 2768 RasAcd - ok 23:59:57.0380 2768 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 23:59:57.0521 2768 RasAuto - ok 23:59:57.0599 2768 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:59:57.0692 2768 Rasl2tp - ok 23:59:57.0817 2768 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 23:59:57.0911 2768 RasMan - ok 23:59:58.0051 2768 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:59:58.0176 2768 RasPppoe - ok 23:59:58.0270 2768 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:59:58.0348 2768 RasSstp - ok 23:59:58.0410 2768 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:59:58.0597 2768 rdbss - ok 23:59:58.0660 2768 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:59:58.0738 2768 RDPCDD - ok 23:59:58.0925 2768 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys 23:59:59.0081 2768 rdpdr - ok 23:59:59.0128 2768 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:59:59.0206 2768 RDPENCDD - ok 23:59:59.0299 2768 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:59:59.0393 2768 RDPWD - ok 23:59:59.0518 2768 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 23:59:59.0549 2768 RealNetworks Downloader Resolver Service - ok 23:59:59.0596 2768 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:59:59.0705 2768 RemoteAccess - ok 23:59:59.0752 2768 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:59:59.0892 2768 RemoteRegistry - ok 23:59:59.0954 2768 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 00:00:00.0032 2768 RFCOMM - ok 00:00:00.0095 2768 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 00:00:00.0157 2768 rismxdp - ok 00:00:00.0251 2768 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 00:00:00.0376 2768 RpcLocator - ok 00:00:00.0500 2768 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 00:00:00.0578 2768 RpcSs - ok 00:00:00.0656 2768 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:00:00.0797 2768 rspndr - ok 00:00:00.0797 2768 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 00:00:00.0859 2768 SamSs - ok 00:00:00.0906 2768 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:00:00.0953 2768 sbp2port - ok 00:00:01.0000 2768 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:00:01.0140 2768 SCardSvr - ok 00:00:01.0234 2768 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 00:00:01.0530 2768 Schedule - ok 00:00:01.0624 2768 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 00:00:01.0702 2768 SCPolicySvc - ok 00:00:01.0826 2768 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 00:00:01.0936 2768 sdbus - ok 00:00:02.0045 2768 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:00:02.0154 2768 SDRSVC - ok 00:00:02.0201 2768 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:00:02.0341 2768 secdrv - ok 00:00:02.0404 2768 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 00:00:02.0544 2768 seclogon - ok 00:00:02.0606 2768 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 00:00:02.0716 2768 SENS - ok 00:00:02.0809 2768 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 00:00:02.0996 2768 Serenum - ok 00:00:03.0090 2768 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 00:00:03.0293 2768 Serial - ok 00:00:03.0340 2768 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 00:00:03.0480 2768 sermouse - ok 00:00:03.0854 2768 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 00:00:04.0057 2768 ServiceLayer - ok 00:00:04.0135 2768 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 00:00:04.0385 2768 SessionEnv - ok 00:00:04.0478 2768 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:00:04.0619 2768 sffdisk - ok 00:00:04.0634 2768 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:00:04.0775 2768 sffp_mmc - ok 00:00:04.0822 2768 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:00:04.0978 2768 sffp_sd - ok 00:00:05.0024 2768 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:00:05.0149 2768 sfloppy - ok 00:00:05.0212 2768 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:00:05.0368 2768 SharedAccess - ok 00:00:05.0430 2768 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:00:05.0539 2768 ShellHWDetection - ok 00:00:05.0586 2768 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 00:00:05.0633 2768 sisagp - ok 00:00:05.0664 2768 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 00:00:05.0711 2768 SiSRaid2 - ok 00:00:05.0742 2768 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 00:00:05.0789 2768 SiSRaid4 - ok 00:00:05.0992 2768 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 00:00:06.0101 2768 SkypeUpdate - ok 00:00:06.0335 2768 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 00:00:06.0725 2768 slsvc - ok 00:00:06.0756 2768 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 00:00:06.0881 2768 SLUINotify - ok 00:00:06.0928 2768 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:00:07.0037 2768 Smb - ok 00:00:07.0146 2768 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:00:07.0255 2768 SNMPTRAP - ok 00:00:07.0318 2768 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 00:00:07.0396 2768 spldr - ok 00:00:07.0474 2768 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 00:00:07.0567 2768 Spooler - ok 00:00:07.0614 2768 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 00:00:07.0817 2768 srv - ok 00:00:07.0879 2768 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:00:07.0973 2768 srv2 - ok 00:00:07.0988 2768 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:00:08.0035 2768 srvnet - ok 00:00:08.0082 2768 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:00:08.0176 2768 SSDPSRV - ok 00:00:08.0269 2768 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:00:08.0347 2768 SstpSvc - ok 00:00:08.0410 2768 [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 00:00:08.0456 2768 ssudmdm - ok 00:00:08.0519 2768 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 00:00:08.0612 2768 StillCam - ok 00:00:08.0768 2768 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 00:00:08.0846 2768 stisvc - ok 00:00:08.0862 2768 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 00:00:08.0909 2768 swenum - ok 00:00:09.0049 2768 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 00:00:09.0143 2768 swprv - ok 00:00:09.0205 2768 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 00:00:09.0268 2768 Symc8xx - ok 00:00:09.0330 2768 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 00:00:09.0408 2768 Sym_hi - ok 00:00:09.0439 2768 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 00:00:09.0517 2768 Sym_u3 - ok 00:00:09.0673 2768 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 00:00:09.0829 2768 SysMain - ok 00:00:09.0892 2768 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:00:09.0970 2768 TabletInputService - ok 00:00:10.0110 2768 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 00:00:10.0188 2768 TapiSrv - ok 00:00:10.0235 2768 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 00:00:10.0313 2768 TBS - ok 00:00:10.0656 2768 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:00:10.0812 2768 Tcpip - ok 00:00:11.0140 2768 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 00:00:11.0218 2768 Tcpip6 - ok 00:00:11.0296 2768 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:00:11.0483 2768 tcpipreg - ok 00:00:11.0561 2768 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:00:11.0670 2768 TDPIPE - ok 00:00:11.0732 2768 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:00:11.0810 2768 TDTCP - ok 00:00:11.0935 2768 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:00:12.0013 2768 tdx - ok 00:00:12.0076 2768 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 00:00:12.0138 2768 TermDD - ok 00:00:12.0263 2768 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 00:00:12.0450 2768 TermService - ok 00:00:12.0512 2768 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 00:00:12.0575 2768 Themes - ok 00:00:12.0606 2768 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 00:00:12.0684 2768 THREADORDER - ok 00:00:12.0715 2768 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 00:00:12.0809 2768 TrkWks - ok 00:00:12.0902 2768 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:00:12.0980 2768 TrustedInstaller - ok 00:00:13.0043 2768 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:00:13.0136 2768 tssecsrv - ok 00:00:13.0183 2768 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 00:00:13.0246 2768 tunmp - ok 00:00:13.0261 2768 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:00:13.0324 2768 tunnel - ok 00:00:13.0386 2768 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 00:00:13.0433 2768 uagp35 - ok 00:00:13.0480 2768 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:00:13.0573 2768 udfs - ok 00:00:13.0636 2768 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:00:13.0729 2768 UI0Detect - ok 00:00:13.0776 2768 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:00:13.0870 2768 uliagpkx - ok 00:00:13.0932 2768 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 00:00:14.0026 2768 uliahci - ok 00:00:14.0072 2768 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 00:00:14.0119 2768 UlSata - ok 00:00:14.0150 2768 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 00:00:14.0197 2768 ulsata2 - ok 00:00:14.0260 2768 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 00:00:14.0353 2768 umbus - ok 00:00:14.0416 2768 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll 00:00:14.0525 2768 UmRdpService - ok 00:00:14.0587 2768 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 00:00:14.0681 2768 upnphost - ok 00:00:14.0759 2768 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:00:14.0837 2768 usbccgp - ok 00:00:14.0899 2768 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:00:15.0024 2768 usbcir - ok 00:00:15.0086 2768 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 00:00:15.0180 2768 usbehci - ok 00:00:15.0227 2768 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:00:15.0305 2768 usbhub - ok 00:00:15.0336 2768 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:00:15.0476 2768 usbohci - ok 00:00:15.0492 2768 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 00:00:15.0648 2768 usbprint - ok 00:00:15.0710 2768 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:00:15.0804 2768 USBSTOR - ok 00:00:15.0851 2768 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 00:00:15.0929 2768 usbuhci - ok 00:00:15.0976 2768 [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 00:00:16.0116 2768 usbvideo - ok 00:00:16.0178 2768 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 00:00:16.0272 2768 UxSms - ok 00:00:16.0319 2768 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 00:00:16.0506 2768 vds - ok 00:00:16.0584 2768 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:00:16.0724 2768 vga - ok 00:00:16.0802 2768 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 00:00:16.0896 2768 VgaSave - ok 00:00:16.0943 2768 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 00:00:17.0036 2768 viaagp - ok 00:00:17.0114 2768 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 00:00:17.0255 2768 ViaC7 - ok 00:00:17.0302 2768 [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide C:\Windows\system32\drivers\viaide.sys 00:00:17.0348 2768 viaide - ok 00:00:17.0395 2768 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:00:17.0442 2768 volmgr - ok 00:00:17.0489 2768 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:00:17.0551 2768 volmgrx - ok 00:00:17.0614 2768 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:00:17.0676 2768 volsnap - ok 00:00:17.0801 2768 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 00:00:17.0848 2768 vsmraid - ok 00:00:17.0910 2768 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 00:00:18.0128 2768 VSS - ok 00:00:18.0175 2768 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 00:00:18.0269 2768 W32Time - ok 00:00:18.0300 2768 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 00:00:18.0456 2768 WacomPen - ok 00:00:18.0518 2768 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 00:00:18.0581 2768 Wanarp - ok 00:00:18.0596 2768 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 00:00:18.0674 2768 Wanarpv6 - ok 00:00:18.0737 2768 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe 00:00:18.0893 2768 wbengine - ok 00:00:18.0940 2768 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 00:00:19.0064 2768 wcncsvc - ok 00:00:19.0111 2768 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 00:00:19.0189 2768 WcsPlugInService - ok 00:00:19.0236 2768 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 00:00:19.0267 2768 Wd - ok 00:00:19.0330 2768 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 00:00:19.0501 2768 Wdf01000 - ok 00:00:19.0610 2768 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 00:00:19.0860 2768 WdiServiceHost - ok 00:00:19.0907 2768 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 00:00:20.0000 2768 WdiSystemHost - ok 00:00:20.0110 2768 [ 82943769AC01805A0D2BA74D0925A45D ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe 00:00:20.0172 2768 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning 00:00:20.0172 2768 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1) 00:00:20.0219 2768 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 00:00:20.0281 2768 WebClient - ok 00:00:20.0328 2768 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 00:00:20.0500 2768 Wecsvc - ok 00:00:20.0562 2768 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 00:00:20.0687 2768 wercplsupport - ok 00:00:20.0734 2768 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 00:00:20.0812 2768 WerSvc - ok 00:00:20.0890 2768 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 00:00:21.0046 2768 winachsf - ok 00:00:21.0139 2768 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 00:00:21.0233 2768 WinDefend - ok 00:00:21.0248 2768 WinHttpAutoProxySvc - ok 00:00:21.0342 2768 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 00:00:21.0420 2768 Winmgmt - ok 00:00:21.0498 2768 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 00:00:21.0732 2768 WinRM - ok 00:00:21.0841 2768 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 00:00:21.0966 2768 Wlansvc - ok 00:00:22.0028 2768 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 00:00:22.0075 2768 wlcrasvc - ok 00:00:22.0231 2768 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:00:22.0481 2768 wlidsvc - ok 00:00:22.0512 2768 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 00:00:22.0606 2768 WmiAcpi - ok 00:00:22.0652 2768 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 00:00:22.0746 2768 wmiApSrv - ok 00:00:22.0871 2768 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 00:00:23.0011 2768 WMPNetworkSvc - ok 00:00:23.0042 2768 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 00:00:23.0152 2768 WPCSvc - ok 00:00:23.0214 2768 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 00:00:23.0354 2768 WPDBusEnum - ok 00:00:23.0401 2768 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 00:00:23.0464 2768 WpdUsb - ok 00:00:23.0651 2768 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 00:00:23.0776 2768 WPFFontCache_v0400 - ok 00:00:23.0807 2768 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 00:00:23.0900 2768 ws2ifsl - ok 00:00:23.0947 2768 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 00:00:24.0041 2768 wscsvc - ok 00:00:24.0103 2768 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 00:00:24.0166 2768 WSDPrintDevice - ok 00:00:24.0181 2768 WSearch - ok 00:00:24.0306 2768 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 00:00:24.0540 2768 wuauserv - ok 00:00:24.0587 2768 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 00:00:24.0696 2768 WudfPf - ok 00:00:24.0743 2768 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 00:00:24.0790 2768 WUDFRd - ok 00:00:24.0836 2768 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 00:00:24.0883 2768 wudfsvc - ok 00:00:24.0992 2768 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 00:00:25.0070 2768 ZTEusbmdm6k - ok 00:00:25.0133 2768 [ 453A60F8DC22FC296BC482CBF3EFF213 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys 00:00:25.0195 2768 ZTEusbnet - ok 00:00:25.0242 2768 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 00:00:25.0289 2768 ZTEusbnmea - ok 00:00:25.0336 2768 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 00:00:25.0398 2768 ZTEusbser6k - ok 00:00:25.0445 2768 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys 00:00:25.0492 2768 ZTEusbvoice - ok 00:00:25.0554 2768 ================ Scan global =============================== 00:00:25.0616 2768 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 00:00:25.0663 2768 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 00:00:25.0741 2768 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 00:00:25.0788 2768 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 00:00:25.0819 2768 [Global] - ok 00:00:25.0819 2768 ================ Scan MBR ================================== 00:00:25.0819 2768 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 00:00:27.0052 2768 \Device\Harddisk0\DR0 - ok 00:00:27.0098 2768 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1 00:00:27.0473 2768 \Device\Harddisk1\DR1 - ok 00:00:27.0520 2768 ================ Scan VBR ================================== 00:00:27.0551 2768 [ 05A7420CCC8F9421D69DC19FDAE74F60 ] \Device\Harddisk0\DR0\Partition1 00:00:27.0551 2768 \Device\Harddisk0\DR0\Partition1 - ok 00:00:27.0598 2768 [ D8BF565DA25276946D11D37AC515E93E ] \Device\Harddisk1\DR1\Partition1 00:00:27.0598 2768 \Device\Harddisk1\DR1\Partition1 - ok 00:00:27.0613 2768 ============================================================ 00:00:27.0613 2768 Scan finished 00:00:27.0613 2768 ============================================================ 00:00:27.0644 4424 Detected object count: 6 00:00:27.0644 4424 Actual detected object count: 6 00:03:09.0887 4424 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 00:03:09.0887 4424 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:03:09.0902 4424 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:03:09.0902 4424 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:03:09.0902 4424 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 00:03:09.0902 4424 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:03:09.0918 4424 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 00:03:09.0918 4424 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:03:09.0918 4424 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 00:03:09.0918 4424 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:03:09.0918 4424 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user 00:03:09.0918 4424 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:03:22.0445 5200 Deinitialize success Dich könnte ich in der Arbeit gebrauchen! Da arbeiten wir auf Terminalserver bzw. wir im EWO (Meldeamt) haben noch Rechner und keine Clients. Di + Mi haben wir auf Outsourcing umgestellt und anscheinend geht unser Programm OK.EWO nicht über den Terminalserver. Gott sei Dank habe ich Urlaub und bekomme das, was schief geht, alles erst am Dienstag mit. Sonst hätte ich heute ständig mit der Hotline arbeiten müssen und erklären was alles nicht mehr geht. Mit der Software kenne ich mich ein bisschen aus. Genügend privat geplaudert. Interessiert dich wahrscheinlich eh nicht. Musste ich aber mal loswerden. Frau halt. Ich hoffe du schläfst gut! Bis dann! LG witchy |
04.04.2013, 23:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mail delivery failed Emails - vermutlich Maleware Problem Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ --> Mail delivery failed Emails - vermutlich Maleware Problem |
05.04.2013, 12:36 | #7 |
| Mail delivery failed Emails - vermutlich Maleware Problem Guten Morgen bzw. Mahlzeit, so Combofix ist durchgelaufen und hat fast 45 Minuten gebraucht. Hier die Log-Datei: Code:
ATTFilter ComboFix 13-04-04.01 - Rike 05.04.2013 12:28:32.1.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.2045.885 [GMT 2:00] ausgeführt von:: c:\users\Rike\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Web Assistant\ExTEnsion32.dll c:\users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk c:\windows\system32\AutoRun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-05 bis 2013-04-05 )))))))))))))))))))))))))))))) . . 2013-04-05 10:52 . 2013-04-05 10:57 -------- d-----w- c:\users\Rike\AppData\Local\temp 2013-04-05 10:52 . 2013-04-05 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-05 09:47 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FED1F882-6AD4-47D4-BD88-068781E97DB9}\mpengine.dll 2013-03-26 21:37 . 2013-03-26 21:37 -------- d-----w- c:\users\Rike\AppData\Roaming\Malwarebytes 2013-03-26 21:36 . 2013-03-26 21:36 -------- d-----w- c:\programdata\Malwarebytes 2013-03-26 21:36 . 2013-03-26 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-03-26 21:36 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-20 19:50 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-15 00:34 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-03-15 00:34 . 2013-02-02 04:19 149552 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-03-15 00:34 . 2013-02-02 03:26 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-03-10 14:18 . 2013-03-10 14:18 -------- d-----w- c:\users\Rike\AppData\Local\GameHouse . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-11 23:10 . 2011-07-15 08:52 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-02-23 00:24 . 2013-02-23 00:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-08 10:50 . 2012-06-29 17:19 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-08 10:50 . 2011-07-27 18:08 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-08 12:56 . 2013-03-08 12:56 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{990af1c2-5a27-4460-8149-ecc6bc122af3}"= "c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{990af1c2-5a27-4460-8149-ecc6bc122af3}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{990af1c2-5a27-4460-8149-ecc6bc122af3}] 2011-05-09 09:49 176936 ----a-w- c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{990af1c2-5a27-4460-8149-ecc6bc122af3}"= "c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{990af1c2-5a27-4460-8149-ecc6bc122af3}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{990AF1C2-5A27-4460-8149-ECC6BC122AF3}"= "c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{990af1c2-5a27-4460-8149-ecc6bc122af3}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-11-13 366576] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-30 356376] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-12-18 295072] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000] . c:\users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 44544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPService REG_MULTI_SZ HPSLPSVC . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] 2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-01 17:25 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] 2008-08-28 08:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe . Inhalt des "geplante Tasks" Ordners . 2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 22:57] . 2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 22:57] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Rike\AppData\Roaming\Mozilla\Firefox\Profiles\15samsl2.default\ FF - prefs.js: browser.startup.homepage - www.ebay.de FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1a362281000000000000001dd9eb4d47&tlver=1.4.31.2&instlRef=&ss=1&affID=100365&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-hpqSRMon - (no file) SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-04-05 12:57 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**?HÑñ±m] "LP_LastUpdateTime"="0" "LP_LastCheckTime"=dword:50ad3019 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2013-04-05 13:02:26 ComboFix-quarantined-files.txt 2013-04-05 11:02 . Vor Suchlauf: 5 Verzeichnis(se), 91.136.118.784 Bytes frei Nach Suchlauf: 8 Verzeichnis(se), 92.016.672.768 Bytes frei . - - End Of File - - 72FAE8E21308B1AC1F416A7C4B8BC84B |
05.04.2013, 13:53 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mail delivery failed Emails - vermutlich Maleware Problem JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
05.04.2013, 17:58 | #9 |
| Mail delivery failed Emails - vermutlich Maleware Problem So alles abgearbeitet! Endlich ist meine blöde Toolbar beim I-Explorer weg. DANKE! Jetzt wäre es noch klasse wenn der Adobe Flashplayer sich nicht immer beim Firefox, den ich als Browser nutze, aufhängen und abstürzen würde. JRT Ergebnis: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.2 (04.04.2013:1) OS: Windows Vista (TM) Ultimate x86 Ran by Rike on 05.04.2013 at 16:59:32,03 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] web assistant updater Successfully deleted: [Service] web assistant updater ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98889811-442d-49dd-99d7-dc866be87dbc} Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2475440407-2368312562-3497043702-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope ~~~ Registry Keys Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-2475440407-2368312562-3497043702-1000\software\web assistant" Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1 Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc.1 Successfully deleted: [Registry Key] hkey_local_machine\software\babylon Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\im Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller Successfully deleted: [Registry Key] hkey_local_machine\software\iminstaller Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\b Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine Successfully deleted: [Registry Key] hkey_local_machine\software\classes\escort.escrtbtn.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2724407 Successfully deleted: [Registry Key] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98889811-442d-49dd-99d7-dc866be87dbc} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon" Successfully deleted: [Folder] "C:\ProgramData\trymedia" Successfully deleted: [Folder] "C:\Users\Rike\AppData\Roaming\babylon" Successfully deleted: [Folder] "C:\Users\Rike\appdata\local\babylon" Successfully deleted: [Folder] "C:\Users\Rike\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Rike\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Rike\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Program Files\babylontoolbar" Successfully deleted: [Folder] "C:\Program Files\conduit" Successfully deleted: [Folder] "C:\Program Files\web assistant" ~~~ FireFox Successfully deleted: [Folder] C:\Users\Rike\AppData\Roaming\mozilla\firefox\profiles\15samsl2.default\extensions\ffxtlbr@babylon.com Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087} Successfully deleted the following from C:\Users\Rike\AppData\Roaming\mozilla\firefox\profiles\15samsl2.default\prefs.js user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1357160496905,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0} user_pref("extensions.BabylonToolbar.bbDpng", 3); user_pref("extensions.BabylonToolbar.cntry", "DE"); user_pref("extensions.BabylonToolbar.firstRun", false); user_pref("extensions.BabylonToolbar.hdrMd5", "A8953EC9A12F0DE5C5336BF91F22561E"); user_pref("extensions.BabylonToolbar.lastActv", "3"); user_pref("extensions.BabylonToolbar.lastDP", 3); user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.222:22:08"); user_pref("extensions.BabylonToolbar.propectorlck", 58915362); user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1a362281000000000000001dd9eb4d47&tlver=1.4.31.2&instlRef=&ss=1&affID=100365&q="); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://mystart.incredimail. user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc Emptied folder: C:\Users\Rike\AppData\Roaming\mozilla\firefox\profiles\15samsl2.default\minidumps [7 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\Rike\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.04.2013 at 17:11:53,00 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.200 - Datei am 05/04/2013 um 17:16:27 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows Vista (TM) Ultimate Service Pack 2 (32 bits) # Benutzer : Rike - RIKE-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Rike\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\IncrediMail_MediaBar_Deutsch_2 Ordner Gelöscht : C:\Users\Rike\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Rike\AppData\LocalLow\IncrediMail_MediaBar_Deutsch_2 ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_Deutsch_2 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IncrediMail_MediaBar_Deutsch_2 Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{990AF1C2-5A27-4460-8149-ECC6BC122AF3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{990AF1C2-5A27-4460-8149-ECC6BC122AF3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0301A5D-5FD7-4053-BD40-809477CA8D57} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{990AF1C2-5A27-4460-8149-ECC6BC122AF3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B0301A5D-5FD7-4053-BD40-809477CA8D57} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF5D39D7-F37C-45A2-976D-0DEE96634B86} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\Software\IncrediMail_MediaBar_Deutsch_2 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57FCB77C-C0C2-466C-BB78-8AFEA60C6646} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF6BBB46-7727-465C-8307-94101DB61D07} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{990AF1C2-5A27-4460-8149-ECC6BC122AF3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B0301A5D-5FD7-4053-BD40-809477CA8D57} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5e705002f617ebf70b75dc63e088477e Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fd31db37f368bf575c9eb3d51ef0b9a4 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_Deutsch_2 Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Software Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{990AF1C2-5A27-4460-8149-ECC6BC122AF3}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{990AF1C2-5A27-4460-8149-ECC6BC122AF3}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{990AF1C2-5A27-4460-8149-ECC6BC122AF3}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{990AF1C2-5A27-4460-8149-ECC6BC122AF3}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Rike\AppData\Roaming\Mozilla\Firefox\Profiles\15samsl2.default\prefs.js Gelöscht : user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] -\\ Google Chrome v26.0.1410.43 Datei : C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [7246 octets] - [05/04/2013 17:16:27] ########## EOF - C:\AdwCleaner[S1].txt - [7306 octets] ########## OTL-Ergebnisse: OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.04.2013 17:27:23 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rike\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 45,82% Memory free 4,23 Gb Paging File | 2,85 Gb Available in Paging File | 67,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,05 Gb Total Space | 85,49 Gb Free Space | 57,36% Space Free | Partition Type: NTFS Drive D: | 146,00 Gb Total Space | 72,52 Gb Free Space | 49,67% Space Free | Partition Type: NTFS Computer Name: RIKE-PC | User Name: Rike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rike\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.) PRC - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Programme\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) PRC - C:\Programme\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Programme\IncrediMail\Bin\PMC.dll () MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll () MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll () MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll () MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll () MOD - C:\Programme\IncrediMail\Bin\IMHttpComm.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () ========== Services (SafeList) ========== SRV - (ogmservice) -- C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Rike\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation) DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.ebay.de" FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.18 12:04:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:56:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.15 00:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Extensions [2013.04.05 17:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Firefox\Profiles\15samsl2.default\extensions [2013.03.08 14:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 14:56:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.20 19:54:46 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2012.12.18 12:04:47 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2013.03.08 14:56:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.18 14:36:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 11:16:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.18 14:36:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.18 14:36:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.18 14:36:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.18 14:36:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR - Extension: RealDownloader = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Skype Extension = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\ CHR - Extension: Anti-Banner = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2013.04.05 12:57:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Programme\IncrediMail\Bin\resources\WebMenuImg.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11BBDDAA-5B74-42EB-A6F3-D0D567C18A91}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0AFF43A-621A-46FD-82F1-8ACF19E8B160}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Rike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Rike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.05 16:59:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.05 16:59:12 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.05 16:57:55 | 000,551,171 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rike\Desktop\JRT.exe [2013.04.05 13:02:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.05 13:02:31 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\temp [2013.04.05 12:23:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.05 12:23:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.05 12:23:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.05 12:23:14 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.04.05 12:22:59 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.05 12:21:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.05 00:54:27 | 005,047,266 | R--- | C] (Swearware) -- C:\Users\Rike\Desktop\ComboFix.exe [2013.04.04 23:54:55 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rike\Desktop\tdsskiller.exe [2013.04.04 22:15:21 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Rike\Desktop\aswMBR.exe [2013.04.04 20:33:39 | 000,000,000 | ---D | C] -- C:\Users\Rike\Desktop\MBAR [2013.04.02 14:55:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rike\Desktop\OTL.exe [2013.03.27 00:50:16 | 000,000,000 | ---D | C] -- C:\Users\Rike\Documents\Schulter [2013.03.26 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\Malwarebytes [2013.03.26 23:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.26 23:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.26 23:36:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.26 23:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.20 21:50:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.15 02:34:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.15 02:33:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.15 02:33:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.15 02:33:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.15 02:33:56 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.15 02:33:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.15 02:33:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.15 02:33:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.10 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\GameHouse [2013.03.08 14:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.04.05 17:24:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.05 17:24:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.05 17:20:00 | 000,001,773 | ---- | M] () -- C:\Users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2013.04.05 17:19:51 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.04.05 17:19:43 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.04.05 17:19:35 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.05 17:19:32 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.05 17:19:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.05 17:19:11 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys [2013.04.05 17:18:04 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.04.05 17:14:51 | 000,613,083 | ---- | M] () -- C:\Users\Rike\Desktop\adwcleaner.exe [2013.04.05 16:57:58 | 000,551,171 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rike\Desktop\JRT.exe [2013.04.05 12:57:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.05 00:55:17 | 005,047,266 | R--- | M] (Swearware) -- C:\Users\Rike\Desktop\ComboFix.exe [2013.04.04 23:55:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rike\Desktop\tdsskiller.exe [2013.04.04 22:29:38 | 304,205,775 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.04 22:16:59 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Rike\Desktop\aswMBR.exe [2013.04.03 20:05:21 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.03 20:05:21 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.03 20:05:21 | 000,126,510 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.03 20:05:21 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.02 14:55:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rike\Desktop\OTL.exe [2013.04.02 14:49:32 | 000,000,000 | ---- | M] () -- C:\Users\Rike\defogger_reenable [2013.04.01 19:26:26 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.26 23:36:48 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.13 11:40:27 | 000,019,456 | ---- | M] () -- C:\Users\Rike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.03.12 01:10:56 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe ========== Files Created - No Company Name ========== [2013.04.05 17:14:49 | 000,613,083 | ---- | C] () -- C:\Users\Rike\Desktop\adwcleaner.exe [2013.04.05 12:23:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.05 12:23:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.05 12:23:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.05 12:23:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.05 12:23:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.02 14:49:32 | 000,000,000 | ---- | C] () -- C:\Users\Rike\defogger_reenable [2013.03.26 23:36:48 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.10 22:26:35 | 000,001,502 | ---- | C] () -- C:\Users\Rike\.recently-used.xbel [2012.11.28 14:47:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.11.14 20:58:29 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2012.11.14 20:57:47 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.12.05 22:33:48 | 000,017,408 | ---- | C] () -- C:\Users\Rike\AppData\Local\WebpageIcons.db [2011.07.19 14:25:38 | 000,166,605 | ---- | C] () -- C:\Windows\hpoins21.dat.temp [2011.07.19 14:25:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp [2011.07.17 14:01:18 | 000,019,456 | ---- | C] () -- C:\Users\Rike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.16 01:41:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.07.16 01:33:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.07.16 01:33:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.07.16 01:31:12 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.07.15 23:35:54 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2011.07.14 23:37:54 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.07.14 23:37:17 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.07.14 22:30:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.07.14 22:14:22 | 000,186,464 | ---- | C] () -- C:\Windows\hpoins21.dat [2011.07.14 22:14:22 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat [2011.07.14 21:46:25 | 000,000,680 | ---- | C] () -- C:\Users\Rike\AppData\Local\d3d9caps.dat [2011.07.14 21:31:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat ========== ZeroAccess Check ========== [2006.11.02 14:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > und OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.04.2013 17:27:23 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rike\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 45,82% Memory free 4,23 Gb Paging File | 2,85 Gb Available in Paging File | 67,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,05 Gb Total Space | 85,49 Gb Free Space | 57,36% Space Free | Partition Type: NTFS Drive D: | 146,00 Gb Total Space | 72,52 Gb Free Space | 49,67% Space Free | Partition Type: NTFS Computer Name: RIKE-PC | User Name: Rike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{190C6300-2B84-431F-9BC8-7698FF62CC9B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{30593774-0A21-4EED-A2AD-6243660C0251}" = lport=138 | protocol=17 | dir=in | app=system | "{37C66F52-CFB7-44B2-B0F8-A06A399E0618}" = rport=445 | protocol=6 | dir=out | app=system | "{443DE31E-C10D-4F5E-86C0-C855341360F7}" = rport=10243 | protocol=6 | dir=out | app=system | "{4523FEB0-2BB1-4897-8435-47B53C63408C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4F488A2A-1E0D-4161-9A38-F37BF58138C7}" = lport=2869 | protocol=6 | dir=in | app=system | "{552A8218-30C8-442D-9B27-CAFF9B93A5C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{606B6052-6D86-4BB5-986E-2256805BE253}" = lport=139 | protocol=6 | dir=in | app=system | "{6A1803E3-E309-4ADE-998B-20EB7B413F5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6A32A5AF-AC80-4B42-8FF4-70C8EE509BAB}" = lport=445 | protocol=6 | dir=in | app=system | "{6F914B4B-C1B9-444E-AF29-20AD20250911}" = rport=137 | protocol=17 | dir=out | app=system | "{8B68A314-BDC5-4721-81DD-F4F448A9BE4D}" = rport=138 | protocol=17 | dir=out | app=system | "{944CF942-4F0B-4B81-B184-94128001AAF9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9CA35107-09C4-4BCA-AA7B-EF75457585B4}" = lport=137 | protocol=17 | dir=in | app=system | "{B1EC4F16-A75A-48DC-A3E6-449D3D4F1C85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8F563B5-579E-4346-B2C8-88E192863C9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C001F7C1-B0B8-4F23-A081-E96DF64BE742}" = rport=139 | protocol=6 | dir=out | app=system | "{CF046FEF-8E66-4060-BE76-B5B437DF995F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D9EB97BE-DE73-4B80-AB22-FAC1952F6178}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DB62EC5B-D0FB-4A91-9CA8-0DE95301898F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EB1F3FB4-597E-431E-846B-0017BB25F09A}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2417A877-E097-4780-A186-A24783E1D35A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{29A48A1D-266D-40E0-8C03-EDAC804CE370}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{38931EE1-1C16-4CA2-B74D-3336893EC8C9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{3AB1BC49-5E58-4048-A1B3-9CF21EBE99CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3B195ADD-1B8A-4078-AF8B-36542166C4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{59F6A49A-0FAE-4AAF-8322-32B6D31FF195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5F664BC8-AD26-464B-8262-076A761B0B1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{649159D1-C543-4F01-9BB2-9445B2127B10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{65504B95-5929-4BF1-A551-02E155761738}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | "{6EDD0956-35DC-49FD-B4E4-03D0CE7A91B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{89CA40B8-4122-46F5-92BD-CE9263FF5A13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8F9029AD-8037-4D3D-98C0-C397E0758EE4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{93FB8B41-EC61-4EFC-8E1E-9C2216559BEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9D2AF647-7E94-4EA1-8DAA-A0E935E61E34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A029A707-4125-4740-869B-87F8B021B7A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B244666D-8306-4D82-A879-32AC324B0646}" = protocol=6 | dir=out | app=system | "{B84AF35E-9A78-4A42-85B6-FC6EE10AD748}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | "{C277BD8C-4892-4A6A-B200-EB0881370DEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C4BBDBF9-46B5-4AC4-AA43-30D1E7C23142}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D3C78871-D0CB-4E9F-BA47-1400E74DF0DB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D6F2201A-EE22-40C2-85CA-78419CF85425}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FF30DD1D-F18D-47B2-97E3-96DBC1898B9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2 "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2 "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98D64F70-1BE2-4E06-A58E-50FF642B3F24}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Audacity_is1" = Audacity 2.0.2 "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "Das Rettungsteam" = Das Rettungsteam "DSGPlayer" = RTL GAME CENTER "Free YouTube Downloader Converter" = Free YouTube Downloader Converter "Google Chrome" = Google Chrome "Green Valley" = Green Valley "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "HPOCR" = OCR Software by I.R.I.S. 10.0 "IncrediMail" = IncrediMail 2.0 "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Online Games Manager" = Online Games Manager v1.20 "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PhotoScape" = PhotoScape "RealPlayer 16.0" = RealPlayer "Shop for HP Supplies" = Shop for HP Supplies "SmartToolsSchriftart-Assistentv3.50" = SmartTools Publishing • Word Schriftart-Assistent "UltSounds" = Windows-Soundschemas "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ "UnderCoverXP_is1" = UnderCoverXP 1.23 "Universal Document Converter_is1" = Universal Document Converter (Demo) "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Fishdom - Seasons Under the Sea Deluxe" = Fishdom - Seasons Under the Sea Deluxe "Fishdom - Spooky Splash Deluxe" = Fishdom - Spooky Splash Deluxe "Fishdom 2 Deluxe" = Fishdom 2 Deluxe ========== Last 20 Event Log Errors ========== [ System Events ] Error - 05.04.2013 11:20:47 | Computer Name = Rike-PC | Source = DCOM | ID = 10016 Description = Error - 05.04.2013 11:20:48 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.04.2013 11:21:03 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7022 Description = < End of report > LG Rike --- --- --- |
06.04.2013, 03:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mail delivery failed Emails - vermutlich Maleware Problem Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
06.04.2013, 20:52 | #11 |
| Mail delivery failed Emails - vermutlich Maleware Problem Hi cosinus, du bist ja ganz schön früh auf. So ich bin fertig. Malwarebytes Log Datei: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.06.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Rike :: RIKE-PC [Administrator] 06.04.2013 12:50:42 mbam-log-2013-04-06 (12-50-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204758 Laufzeit: 12 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESET Log-Datei: (Der Lauf hat 5 Stunden und 15 Minuten gedauert. Ich habe aber auch ne geteilte Festplatte und ne externe dazu.) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=058a9642896328419b7a22f66991c52f # engine=13563 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-06 07:21:04 # local_time=2013-04-06 09:21:04 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1286 16777213 100 98 19630 20042386 0 0 # compatibility_mode=5892 16776574 100 100 120795 202808919 0 0 # scanned=277510 # found=0 # cleaned=0 # scan_time=18808 Waren das nun die Zylom Spiele? Die kann ich jetzt deinstallieren, weil ich sie eh nicht mehr spielen kann oder? (Bitte jetzt nicht antworten "Falls du wieder die Maleware auf deinem Rechner haben möchtest, dann installiere sie wieder". ) Übrigens habe ich von einem dieser Spiele eine "Back UP"-CD. Ist die auch für die Tonne? Wenn ja dann werde ich dieser "netten" Firma mal einen bösen Brief schreiben. Muss ich Angst haben, weil ich noch zwei Spiele von Zylom auf dem Rechner habe, dass da irgendwann etwas passiert? Gespielt habe ich beide schon. Die Software, die ich mir alle runtergeladen habe (Malewarebytes, OTL, usw.) soll ich die von meinem Rechner runterlöschen oder drauflassen? Bezüglich der ständigen Adobe Flash Player Abstürzen beim Firefox muss ich ein neues Thema in nem anderen Strang aufmachen? Fragen über Fragen - sorry Frau halt, aber nicht blond und nur blöd. Ganz herzliches Dankeschön! LG witchy PS: Gehen wir jetzt ein trinken? Fischkopp mit Batzi? (Ich hoffe, dass du Spaß verstehst?!) |
07.04.2013, 01:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mail delivery failed Emails - vermutlich Maleware Problem Manchmal bin ich auch lange wach, früh aufstehen war noch nie mein Fall Ich als Fischkopp bin aufgeschlossen und trinke auch gern mit Bazis aber zwing mir bitte kein Weißbier auf Diese zyloom Games sind AFAIR schon vorinstalliert vom OEM-Hersteller. Sprich, du kaufst dir zB ein neues Notebook, packst es aus und schaltest es ein, nach etwas Abfragerei ist dieser Müll einfach schon drauf. Diese Unsitte ist weit verbreitet, denn die Hersteller sehen deinen Rechner, den du selbst bezahlst, auch als eine Art Litfasssäule an.
__________________ Logfiles bitte immer in CODE-Tags posten |
07.04.2013, 22:01 | #13 |
| Mail delivery failed Emails - vermutlich Maleware Problem Hi cosinus, dass du "nachtaktiv" bist habe ich schon vermutet. Ich bin ja auch, ne olle Nachteule. Früh aufstehen ist ein Graus, aber ab und an muss es halt sein. Gott sei Dank arbeite ich aber meistens Nachmittags. Tja was soll ich jetzt aus deiner Antwort rauslesen. Wart ich hol mal die Tarotkarten. Laut denk: "Mh, anscheinend ist mein Rechner bereinigt, Spiele von Zylom sind auf jedem Rechner, sprich ich kann die Back UP CD ja mal in das CD-Laufwerk reinlegen und wenn Kaspersky meckert, dann kann ich sie wieder rausschmeissen. Mit der Software, die ich runtergeladen habe kann ich machen was ich will." Bevor ich hier weiter vor mich hin orakel, könntest du mir bezüglich der Dateien, die in Quarantäne sind noch einen Rat geben? Vemutlich dort lassen? Zwecks Adobe-Flash-Player-Abstürzen beim Firefox suche ich hier mal selber ob es diesbezüglich schon ein Thema gibt. *lautgedacht* Mein Problem bezüglich Maleware scheint erledigt. Dafür dickes Danke! LG witchy PS: Jetzt wollte ich dir eine PN schicken, aber das darf man/frau anscheinend nicht. Schade! Nun eigentlich sollte es nicht jeder lesen, aber egal. Ich hätte fast gewettet, dass du nicht auf meine "Einladung" eingehst. Jetzt überlege ich schon den ganzen Tag, wie ich das hinbekomme, denn wenn ich etwas verspreche, dann halte ich es auch. Da uns sicher viele viele 100 Kilometer trennen, kann ich nicht mal eben in mein Auto springen und in den hohen Norden fahren. Zwei Vorschläge: Du besuchst mich auf z.B. wenn hier Dult (hochdeutsch = Kirmes) ist (Schlafgelegenheit ist kein Problem) oder ich mach ein Päckchen fertig, dass ich z.B. postlagernd schicke. Die Batzeline zwingt dir auch kein Weißbier auf. Ach ja auf der Dult gibt es nur Maß (1 Liter) und keine 0,2er Gläschen. Jetzt bin ich gespannt ob und wie du darauf antwortest. Geändert von witchy (07.04.2013 um 22:23 Uhr) |
07.04.2013, 22:05 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Mail delivery failed Emails - vermutlich Maleware Problem Dann wären wir durch! Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
07.04.2013, 22:29 | #15 |
| Mail delivery failed Emails - vermutlich Maleware Problem Ups wir haben uns überschnitten. Lies bitte noch mein PS im letzten Post, da ich editiert habe. Danke! Deine letzten Anweisungen mache ich morgen. Da habe ich noch frei. LG witchy |
Themen zu Mail delivery failed Emails - vermutlich Maleware Problem |
32 bit, babylontoolbar, bho, converter, desktop, ebanking, error, excel, failed, feedback, firefox, flash player, free youtube downloader, helper, install.exe, internet security 2013, kaspersky, kaspersky internet security 2013, logfile, mail delivery, maleware, maleware?, mozilla, object, officejet, online games, plug-in, problem, programm, registry, scan, security, software, svchost.exe, tastatur, trojaner, trojaner board, vista, wenig ahnung, youtube downloader |