Log analysis and evaluation: yontoo, y2desktop, xoywm.exe and other findings REALLY eliminated?
25.05.2013, 01:04 | #1
yontoo, y2desktop, xoywm.exe and other findings REALLY eliminated?

System:
--------
Windows 8 Pro with Media Center 64 bit

A day of hassle, then problem solved. Or only SEEMINGLY???
--------------------------------------------------------------

Here is what I have done so far:

I noticed a task xoywm.exe that I did not recognise; googling it gave no details either. My computer had problems with the browsers: Firefox would no longer start, and in Chrome videos crashed regularly. Microsoft's Defender reported a virus infection only once (I eliminated the displayed files immediately). All this made me nervous, so I ran the desinfec't CD (Ubuntu with Avira and Bitdefender). Despite Microsoft's Defender, that produced 14! hits; I first renamed everything with the extension .VIRUS, among them xoywm.exe and the installer belonging to yontoo (in the installer's directory). After a reboot, yontoo and y2desktop (they seem to belong together) were always visible in Task Manager. Yontoo even appeared as an entry with a website under Control Panel/Programs and Features, but cannot be uninstalled there: the innocuous-looking install program reports an error. The Yontoo website offers an uninstaller for this case, but the browser warned me before the download (virus!). Firefox reported problems with yontoo on restart; I was able to remove the plugin there and then, using the search tool Everything, deleted all files named yontoo, y2desktop, xoywm.exe and all files ending in .VIRUS. I then also deleted the directory in the installer that contained the yontoo .VIRUS file; during the subsequent uninstall in Programs and Features Windows then notices that something is missing and finally removes the yontoo entry from the list. These files and processes are now no longer visible in Task Manager/Resource Monitor either. Firefox and Chrome finally run flawlessly again.

BUUUUT: I am nervous now, was it really thaaat easy, maybe there are things that hide themselves better?

- Is the computer really clean now? I saw that you ask for OTL logs; I have just created and attached them. xoywm and yontoo are still found, but the files are no longer found :-)
- What data do yontoo/xoywm steal? Banking/passwords for email & social networks? I am checking the credit card statements now.
- How could I have got infected (I do not launch unknown exe files, I update my system, I used a virus scanner that c't had tested as acceptable)?
- How can I take revenge legally? Just kidding...

The following tasks, which were briefly visible, are unclear to me:
-----------------------------------------------------------------
WmiPrvSE
Windows Modules Installer
Windows Modules Installer Worker

Actually Microsoft tasks, but could they be hijacked?

What still bothers me:
---------------
After the reboot, for a few minutes 100% hard-disk activity by the process "System"; in the Resource Monitor disk activity it only looks like a virus scan, though, while the actual scanner has little activity (now Avira, it was the same with Microsoft's Defender). After that it drops to nearly zero.

OTL log:
--------
Code:
ATTFilter OTL logfile created on: 25.05.2013 01:50:18 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 56,34% Memory free 4,62 Gb Paging File | 2,61 Gb Available in Paging File | 56,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 139,21 Gb Free Space | 14,95% Space Free | Partition Type: NTFS Drive F: | 633,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive X: | 931,51 Gb Total Space | 8,20 Gb Free Space | 0,88% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft) PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll () MOD - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll () ========== Services (SafeList) ========== SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (WSService) 
-- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation) SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- 
C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (BcmBtRSupport) -- C:\Windows\SysNative\BtwRSupportService.exe (Broadcom Corporation.) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ClassicShellService) -- C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. 
KG) DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\Drivers\avnetflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (BthA2DP) -- C:\Windows\SysNative\Drivers\BthA2DP.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (Tpkd) -- C:\WINDOWS\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.) DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\Drivers\emBDA64.sys (eMPIA Technology, Inc.) DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\Drivers\emOEM64.sys (eMPIA Technology, Inc.) 
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\Drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\Drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\Drivers\rrnetcap.sys (RapidSolution Software AG) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\Drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\Drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) 
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\Drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys 
(Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation) DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation) DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\Drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\Drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\Drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\Drivers\e1y60x64.sys (Intel Corporation) DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\Drivers\cbfs3.sys (EldoS Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\Drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\Drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\Drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\Drivers\InputFilter_FlexDef2b.sys (Siliten) DRV:64bit: - (psadd) -- C:\Windows\SysNative\Drivers\psadd.sys (Lenovo (United States) Inc.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\Drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\Drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\Drivers\BrSerIf.sys (Brother Industries Ltd.) 
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\Drivers\rixdpx64.sys (REDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/u/0/?shva=1#inbox IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3 IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 E7 59 61 60 B5 CD 01 [binary data] IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - 
HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1 FF - prefs.js..extensions.enabledAddons: %7BA4732521-77D9-447E-A557-B279AC923F06%7D:0.6.12 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.03.16 14:11:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 19:10:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.08 08:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2013.05.24 19:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\thkeju61.default\extensions [2013.05.08 08:42:41 | 000,095,463 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\thkeju61.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi [2013.05.21 08:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.21 08:15:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.03.16 14:11:44 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://mail.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Mindjet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpkinhfhnglbhoeoeooekalejbhbhgl\0.1.6_0\ CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Image-Toolbar (beta) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb\0.1.0.0_0\ CHR - Extension: RealDownloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\ CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (ExplorerBHO Class) - 
{449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [Hoguq] C:\Users\User\AppData\Roaming\Ylwe\xoywm.exe File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [Yontoo Desktop] "C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FDC90D5-7A27-4E67-A8A4-0612F293D679}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F6F2209-A54C-4E91-9B12-15BA81081B51}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.27 18:09:29 | 000,000,056 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.24 21:50:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira
[2013.05.24 21:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.24 21:43:46 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.05.24 21:43:46 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.05.24 21:43:46 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2013.05.24 21:43:46 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2013.05.24 21:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.24 21:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.24 19:27:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.05.23 00:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.05.22 19:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.22 19:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.21 08:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.19 19:01:52 | 000,078,200 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.19 19:01:51 | 000,693,112 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.05.19 17:25:07 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2013.05.19 17:25:05 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll
[2013.05.19 17:25:03 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2013.05.19 17:25:02 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2013.05.19 17:24:59 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2013.05.19 17:24:59 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSAudDecMFT.dll
[2013.05.19 17:24:54 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013.05.19 17:24:53 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSAudDecMFT.dll
[2013.05.19 17:24:51 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kd_02_10ec.dll
[2013.05.19 17:24:50 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rsaenh.dll
[2013.05.19 17:24:49 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2013.05.19 17:24:48 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2013.05.19 17:24:46 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013.05.19 17:24:46 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\conhost.exe
[2013.05.19 17:24:46 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmredir.dll
[2013.05.19 17:24:45 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013.05.19 17:24:45 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2013.05.19 17:24:45 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\audiodg.exe
[2013.05.19 17:24:42 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RecoveryDrive.exe
[2013.05.19 17:24:42 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2013.05.19 17:24:40 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013.05.19 17:24:40 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2013.05.19 17:24:40 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2013.05.19 17:24:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013.05.19 17:24:39 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2013.05.19 17:24:39 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2013.05.19 17:24:38 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2013.05.19 17:24:37 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmvdsitf.dll
[2013.05.19 17:24:36 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2013.05.19 17:24:35 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2013.05.19 17:24:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhengine.dll
[2013.05.19 17:24:29 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2013.05.19 17:24:29 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfreadwrite.dll
[2013.05.19 17:24:29 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013.05.19 17:24:29 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2013.05.19 17:24:28 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Robocopy.exe
[2013.05.19 17:24:28 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wscapi.dll
[2013.05.19 17:24:28 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kdvm.dll
[2013.05.19 17:24:27 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\intl.cpl
[2013.05.19 17:24:27 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2013.05.19 17:24:27 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013.05.19 17:24:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfreadwrite.dll
[2013.05.19 17:24:27 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iuilp.dll
[2013.05.19 17:24:27 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmvdsitf.dll
[2013.05.19 17:24:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Robocopy.exe
[2013.05.19 17:24:27 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kdnet.dll
[2013.05.19 17:24:23 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hidclass.sys
[2013.05.19 17:24:21 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GenuineCenter.dll
[2013.05.19 17:24:21 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\intl.cpl
[2013.05.19 17:24:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2013.05.19 17:24:21 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fmifs.dll
[2013.05.19 17:24:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fmifs.dll
[2013.05.16 17:58:42 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013.05.16 17:58:33 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013.05.16 17:58:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013.05.16 17:58:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013.05.16 17:58:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013.05.16 17:58:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013.05.16 16:09:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shdocvw.dll
[2013.05.16 16:09:32 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\consent.exe
[2013.05.16 15:10:13 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\esent.dll
[2013.05.16 15:10:11 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\esent.dll
[2013.05.16 15:08:29 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013.05.12 19:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012
[2013.05.12 19:06:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\bastel fräse
[2013.05.12 17:13:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Amazon Downloader Logs
[2013.05.12 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\3Dconnexion_Inc
[2013.05.12 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2013.05.12 16:34:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\3Dconnexion
[2013.05.12 16:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2013.05.12 16:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2013.05.12 16:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion
[2013.05.11 12:36:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\SimCity
[2013.05.07 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Buhl Data Service
[2013.05.07 21:01:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Buhl Data Service
[2013.05.07 15:51:49 | 000,000,000 | ---D | C] -- C:\Users\User\.smplayer
[2013.05.07 08:49:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Ubisoft Game Launcher
[2013.05.07 08:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.05.07 08:16:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Buhl
[2013.05.07 08:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WISO
[2013.05.07 08:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.05.06 23:34:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.05.06 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Origin
[2013.05.06 22:43:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Origin
[2013.05.06 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.06 22:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.05.06 22:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.06 22:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.05.06 00:00:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Downloads
[2013.05.03 15:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.03 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ylwe
[2013.05.03 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Lebyhe
[2013.05.03 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ipibd
[2013.05.02 14:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2013.05.02 14:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.25 01:42:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.25 01:07:00 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.25 01:03:51 | 000,007,670 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013.05.25 00:42:39 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.25 00:39:21 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.24 21:39:52 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.05.24 21:39:52 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.05.24 21:39:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2013.05.24 21:39:52 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2013.05.24 20:23:00 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.24 20:22:46 | 3377,258,496 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.24 19:27:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.05.22 08:35:47 | 000,342,592 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.05.12 20:44:16 | 000,000,862 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2013.05.07 22:47:21 | 001,681,014 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.05.07 22:47:21 | 000,728,328 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.05.07 22:47:21 | 000,689,200 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.05.07 22:47:21 | 000,146,020 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.05.07 22:47:21 | 000,125,560 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.05.07 22:07:50 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.05.07 22:07:50 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.06 23:34:03 | 000,189,248 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.22 08:35:36 | 000,342,592 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.05.21 08:15:55 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.19 17:24:16 | 000,387,688 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.05.07 08:16:45 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2013.05.06 23:34:03 | 000,189,248 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2013.03.16 11:10:57 | 000,015,873 | ---- | C] () -- C:\WINDOWS\SysWow64\Inetde.dll
[2013.01.08 15:23:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\SysWow64\spwini.dll
[2012.12.16 19:45:34 | 000,008,192 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.19 00:49:56 | 000,007,670 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2012.11.17 08:23:24 | 000,021,656 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\iLokDrvr.sys
[2012.10.30 04:19:12 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012.08.02 23:50:53 | 000,004,539 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012.05.06 09:34:08 | 000,000,243 | ---- | C] () -- C:\Users\User\.swfinfo
[2012.01.06 03:52:25 | 000,005,072 | ---- | C] () -- C:\Users\User\.TransferManager.db
[2011.02.02 00:34:50 | 000,001,778 | ---- | C] () -- C:\Users\User\gdbtk.ini

========== ZeroAccess Check ==========

[2013.01.28 23:11:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.12 16:34:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\3Dconnexion
[2013.02.21 02:22:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Arduino
[2013.03.16 11:10:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BOM
[2013.05.07 21:02:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Buhl Data Service
[2013.02.04 16:57:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CachedFiles
[2012.12.26 21:02:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre
[2013.02.19 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.04.21 20:06:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CopyTrans
[2013.01.07 11:50:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2013.02.21 05:21:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fritzing
[2013.05.03 15:26:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ipibd
[2013.05.12 19:32:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2012.12.26 21:35:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JAM Software
[2013.05.21 09:10:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lebyhe
[2012.12.27 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mobipocket
[2012.11.11 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2013.05.06 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012.12.26 21:23:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2013.04.21 20:01:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions
[2013.05.24 20:17:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ylwe

========== Purity Check ==========

< End of report >
--------------
Code:
OTL Extras logfile created on: 25.05.2013 01:50:18 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 56,34% Memory free
4,62 Gb Paging File | 2,61 Gb Available in Paging File | 56,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 139,21 Gb Free Space | 14,95% Space Free | Partition Type: NTFS
Drive F: | 633,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 931,51 Gb Total Space | 8,20 Gb Free Space | 0,88% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0094BB44-B00B-4842-9ABF-3A39B7D47D29}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |
"{12576295-7F45-47FB-805F-06F093DB8C8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{1EFD2868-4D3D-4667-831F-2015C25F3E33}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1F98A5C7-5145-4E29-9BC2-3B51A6485EB3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{205FED39-F0D0-4F32-A76A-37D5C8AB5640}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{207F0E51-65CD-4D96-9ED4-C86B3095B1D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{339DF4B8-A4D8-4CD9-9783-33947845BF42}" = lport=139 | protocol=6 | dir=in | app=system |
"{4F92B791-FA70-4951-9877-B986BCC48EF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{5797F32C-22BB-4E9E-8A48-DC36A2C283A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66724658-077F-473B-B95A-A5F2B17681B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E0A43BD-6B87-47D6-89DB-BE9A7388F1C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{706F3001-9093-4E84-A1DD-66E0DE7A2EE2}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B550D87-F7D9-4558-9307-DC93E8368FE6}" = rport=139 | protocol=6 | dir=out | app=system |
"{7E922B4F-499B-46C8-8F1E-030D12855144}" = rport=445 | protocol=6 | dir=out | app=system |
"{908F5C06-AA9F-409C-9854-3185E9292D15}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 |
"{995547D3-7748-48FF-81B3-29F288812ED1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6209A70-9FB3-4DDC-8261-1C1F05E18C74}" = lport=138 | protocol=17 | dir=in | app=system |
"{B539482D-C3EF-4184-9853-2986201EB8F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{B74A01FF-BF4F-446D-9F3F-4D0181721CC7}" = rport=138 | protocol=17 | dir=out | app=system |
"{BB0593B5-D0A5-4724-B7E2-332B2F80D001}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 |
"{CAF59F12-0C6D-4568-B7B4-700132994BE2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8CC8738-4236-4838-A2BC-B33E8E30274C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DDF431F7-BA07-4313-A22F-C43C81F796E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DF41D875-76CF-4142-B1FD-D141C7AB271F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6146995-E6BC-4D8D-A29F-68724C01675C}" = lport=137 | protocol=17 | dir=in | app=system |
"{F5790EF3-4B38-47B7-9CEB-1F072533544E}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D339F53-6EE1-4145-AE6E-7DF282DC7FDD}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{12085DCC-73F3-4186-AB48-E89AA79B41B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13A3C12B-89E7-4403-B4F1-1816F4F1F9DC}" = protocol=6 | dir=out | app=system |
"{14BC11F3-6835-4B27-BB2F-C328A3784B2C}" = dir=in | name=pinball fx2 |
"{176FA3A6-E6B6-460C-915E-7EFC910BD749}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{21783EA5-45AF-4776-8252-78D2890B9563}" = dir=out | name=robotek |
"{24CD29E6-3EA2-426F-9CF6-5FA239D6AF09}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{28E4C87B-DA62-4FFB-A903-CDBBA3180B22}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{29AD5DC7-D5F7-4ED2-9FCA-84542AB36701}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2A248E02-5094-4E8E-97EB-669347284ACE}" = dir=out | name=kaufda navigator |
"{2DF94450-64CC-45DF-BE49-40A366128AF1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{315B8F5A-0194-4496-85E2-2F0D74068066}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{38B41664-1AF1-4C0C-B801-A25415A0433A}" =
protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{39CA6445-52BB-432F-BD60-06E5971A9358}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{438A4FF2-20B0-488C-A46F-68E4B38E386E}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | "{460A91A6-BD86-4213-A8AF-07866951537A}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | "{4882905E-A6C5-4322-9E72-3E1FB7D367B4}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{52D867B9-48E5-425F-B68A-A6C4AE4B195D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{54047489-DCE2-4050-9D59-81E809197A56}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{5A20BC2E-EADB-4B20-94D8-B838557CDD4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62653FE1-B4C7-45FF-90F4-C2388799CADB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rocksmith\rocksmith.exe | "{640B2077-A088-41C7-AA3E-368470F376B9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{6A5D94F0-30D9-4DD0-B96B-DD2AAFD38CFC}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "{6B4D97B6-FD07-4956-9010-59A527D79BD4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | "{71709FC4-0FB1-4D45-A788-30A237BBE263}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{73C4DEBD-D4EC-4DF4-8573-0FEC47067F83}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{73EFCBF8-E1DA-446D-9BDB-16371D0060E7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{742496AE-F8E9-43D3-9A0B-01ED49D024C8}" = 
dir=out | name=arte tv | "{7857951F-2A1F-4756-AB8B-DE9EE251F02D}" = dir=out | name=ebay | "{79102889-B092-4562-816B-9F74E8B2403A}" = dir=out | name=onenote | "{7A37E96F-9D34-4220-9ABE-305134DE5BDF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7CF3BBBF-2CC1-4F16-BAF5-C49C9AE44637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7FBA0D4F-8A1A-40BF-A08C-C39F70A67ABB}" = dir=out | name=microsoft mahjong | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{80B35425-6861-411E-96CF-D5901FF18F19}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{853EB962-EA5A-4C5A-94F9-0BEBAEEC004F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{875B3636-A405-4717-B39C-A7C13580FBC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{886A7CC4-D5BE-4AD3-B842-2693629789F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B245A78-E275-4BA4-AF20-7A760D595F55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8BC56955-5F1D-4C98-B02E-36E4FA20E28F}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{8C47E3A8-F406-4D98-A7E8-2EC142AD087B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{908F0125-CB2A-440A-A66C-938FF84287F8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{92BD6A23-A328-496F-9850-08B8FEA006E6}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | "{92C2D4AB-3E33-457A-8C77-92564D39273D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{96458BF9-3B28-4FC2-B1FC-820685C3CDF5}" = 
dir=in | name=robotek | "{9735F1EC-E0FA-4EF8-8A97-ADE6D04CC10D}" = dir=in | name=onenote | "{987F86EE-DFCE-4290-8CE5-EF51EC7ADDF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{99B7DA72-454D-4C28-AEB5-414BEA703692}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{9AF274F7-C6B9-40DC-8397-DE8ED1E33E9D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9BEB4279-D179-4A3E-809D-E4473A315227}" = dir=out | name=microsoft minesweeper | "{A198C584-65ED-47B6-AF4E-E9534F07D591}" = dir=out | name=radiant | "{ABFB6126-A1B5-4294-81E2-E6A2C810A35E}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{ACC8669C-18B5-406D-A351-6C73EFA89559}" = dir=in | name=ebay | "{AE4FD485-5E95-48D1-9BB3-A507CB451493}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{B7A296A4-A22D-4169-9272-5591642FF231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{B88DDAE1-6DED-4AF5-BC28-4DAAA0E86108}" = dir=in | app=c:\program files (x86)\audials\audials 10\audials.exe | "{B8DB2DC9-9801-4228-846A-FA5E4F634942}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{BB9FE99B-6AF1-4EF8-BCBE-785952F83752}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{BD7ABD2F-1859-452F-BD12-665C86CBAA22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{BDD8BB41-6FBE-41F7-AD73-8979D3DFF039}" = dir=out | name=zattoo live tv | "{C1D963F5-034B-4EA6-963E-7255C6E98F0A}" = dir=out | name=zalando | "{CB8F275E-BF70-470C-AB1D-5DB2A47F1160}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "{CCCD60B1-93A8-4639-B668-FB9C67D9C2DC}" = dir=out | 
name=microsoft solitaire collection | "{CE100D7C-8739-466E-921F-8BA48B4960ED}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{D410DF73-8F04-451C-85E5-AB3D504C08EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rocksmith\rocksmith.exe | "{DE96B4C7-9890-4303-B926-45B65380A9E8}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E0C43974-A9D3-487B-8605-9C8F8AA58F72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{EBD45732-EF4F-47DE-9143-2179502B190C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{F1139E4A-6D9B-4CB8-9600-CBB10F827ABF}" = dir=out | name=shazam | "{F1D00A5D-EC69-4500-8150-F88F49027A87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{F26F06AB-F2EB-4DFA-9CD5-7E525874E0DB}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{F6A333F8-A579-4F10-8DAD-035C302C588F}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{F8585375-1E31-40AC-83E4-50F8B1B23B68}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{F8D92991-E822-40D8-ACC6-A296A6C47FBF}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{F95462F7-1EFA-4797-B93F-CAC35892C6DC}" = dir=out | name=pinball fx2 | "{FA6326CF-D7ED-41AB-BC7B-3A2F676F668B}" = dir=out | name=geodart | 
"{FFE4724D-3F85-4287-AE70-51EFB32F6B7B}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "TCP Query User{2DE02AE6-FF20-4DAB-B3DB-794507B40336}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{8B87A07D-5232-46C7-B1A9-93B5CFDD01FE}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | "TCP Query User{93E93D7F-B52D-4F6A-A0A9-5A7591D7E5F8}C:\users\user\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\electronicarts_patcher_000.exe | "TCP Query User{A3633175-91D4-471B-B930-BA3628ED565E}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | "TCP Query User{D862D41F-40B0-4686-8658-E4F649A0CF04}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | "TCP Query User{D920A166-670B-4D21-905B-74476C6F4707}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "UDP Query User{2CF04AB5-07B5-4FD4-AEA7-EA6C40914FE9}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | "UDP Query User{3BC5D458-8E5B-47E7-B4D0-F0C298616BA2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{434CDDA5-673A-46E6-9603-637EBD0760CA}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | "UDP Query User{A63F3275-46A5-4064-9187-F3CE78FC0AEB}C:\program files (x86)\sonos\sonos.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | "UDP Query User{A79ED1BA-2BCE-4F77-9BAD-677A9F5E8A03}C:\users\user\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\electronicarts_patcher_000.exe | "UDP Query User{BEFCF8F9-C053-436E-898C-4F27265F0243}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13859B14-439C-41CF-A89A-D705EF959AA6}" = 3Dconnexion Plug-In for Photoshop CS3 - CS6 "{14FCEEDC-6795-4B5A-8370-686D0D3ED308}" = 3Dconnexion Plug-In for NX v3.0 - v8.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1FA17D58-3CE5-4B24-90B9-CE2DCB3FCAC1}" = 3Dconnexion Plug-In for 3ds Max v9 - 2014 "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{45401736-1649-451A-A2CB-1F37D222DCE2}" = 3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 2.0 "{4E22D0BC-2A2E-4723-B7E7-F34701EE501E}" = 3Dconnexion 3DxWare (x64) "{5A739B91-73E6-4C75-8A3D-FA1FFA15C779}" = 3Dconnexion Add-In for SolidWorks 2005 - 2013 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6D6426CC-35B9-4752-9874-4FB1576CE8C5}" = 3Dconnexion Add-On for XSI v5.0 - 2014 "{7EDD147B-8918-4715-94D5-987995044696}" = Max 6.1.1 "{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}" = Classic Shell "{8AC1E556-BB68-486A-AF7C-AB6AC88ADADA}" = 3Dconnexion Plug-In for Maya v8.5 - 2014 "{92AE1E79-760C-42B9-B905-3F1BD31FF0E7}" = 3Dconnexion Add-In for Inventor 11 - 2014 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{C4CBE331-9BFC-456B-A4D8-4E43E5EA3788}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010 "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{EC2764B7-2EDB-4575-B0D4-1325EC66975E}" = 3Dconnexion Add-In for Solid Edge V18 - ST5 "{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}" = Ableton Live 9 Suite "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "Power Management Driver" = Lenovo Power Management Driver "SynTPDeinstKey" = ThinkPad UltraNav Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™ "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6D236956-B79D-4748-BEA3-A039334A66AB}" = 
3Dconnexion Collage "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller "{873F109E-CFBD-4958-9D07-1B02538BBD8F}" = 3Dconnexion Trainer "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Klavier-Schule "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition) "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{DC8B9A86-0EB5-4178-BCC0-DBDF1F529378}" = Audials "{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E9994D23-7CC4-453C-B45C-6375C69EF850}" = 3Dconnexion Plug-in for Acrobat 3D "{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™ "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FFD6EF09-FD59-4E19-8688-FF9D72B58819}" = 3Dconnexion Extension for SketchUp "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Antivirus Premium "Biet-O-Matic v2.14.12" = Biet-O-Matic v2.14.12 "eMule" = eMule "Everything" = Everything 1.2.1.371 "Google Chrome" = Google Chrome "Inkscape" = Inkscape 0.48.4 "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "IrfanView" = IrfanView (remove only) "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "RealPlayer 16.0" = RealPlayer "Steam App 205190" = Rocksmith "Steam App 8930" = Sid Meier's Civilization V "TreeSize Free_is1" = TreeSize Free V2.7 "VLC media player" = VLC media player 2.0.6 "WinLiveSuite" = Windows Live Essentials "XMind_is1" = XMind 2012 (v3.3.1) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.05.2013 13:48:03 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ConquerW8ClientApp.exe, Version: 1.0.0.0, Zeitstempel: 0x5088fcba Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 
0xe0434352 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x13d4 Startzeit der fehlerhaften Anwendung: 0x01ce58a68dc04811 Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\27021tamayg.Conquer_1.0.2.0_neutral__v3gh74v7k1ycp\ConquerW8ClientApp.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\KERNELBASE.dll Berichtskennung: 14af4c39-c49a-11e2-be93-002268e3e6dd Vollständiger Name des fehlerhaften Pakets: 27021tamayg.Conquer_1.0.2.0_neutral__v3gh74v7k1ycp Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 24.05.2013 13:55:14 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433, Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.2.9200.16550, Zeitstempel: 0x5136a2c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000004af9 ID des fehlerhaften Prozesses: 0x700 Startzeit der fehlerhaften Anwendung: 0x01ce583e37f71fbd Pfad der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\SHELL32.dll Berichtskennung: 15654dee-c49b-11e2-be93-002268e3e6dd Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 24.05.2013 13:57:19 | Computer Name = User-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 24.05.2013 14:01:38 | Computer Name = User-PC | Source = .NET Runtime | ID = 1026 Description = Error - 24.05.2013 14:01:39 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ConquerW8ClientApp.exe, Version: 1.0.0.0, Zeitstempel: 0x5088fcba Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0x654 Startzeit der fehlerhaften Anwendung: 0x01ce58a8a66c26ec Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\27021tamayg.Conquer_1.0.2.0_neutral__v3gh74v7k1ycp\ConquerW8ClientApp.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\KERNELBASE.dll Berichtskennung: fb05c735-c49b-11e2-be93-002268e3e6dd Vollständiger Name des fehlerhaften Pakets: 27021tamayg.Conquer_1.0.2.0_neutral__v3gh74v7k1ycp Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 24.05.2013 14:25:28 | Computer Name = User-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 24.05.2013 18:31:12 | Computer Name = User-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der Dienst "Apple Mobile Device" konnte nicht neu gestartet werden. Error - 24.05.2013 18:43:51 | Computer Name = User-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 24.05.2013 19:43:10 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433, Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.2.9200.16550, Zeitstempel: 0x5136a2c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000004af9 ID des fehlerhaften Prozesses: 0x1024 Startzeit der fehlerhaften Anwendung: 0x01ce58cff4f7faea Pfad der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\SHELL32.dll Berichtskennung: b0d6964b-c4cb-11e2-be94-002268e3e6dd Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 24.05.2013 19:43:38 | Computer Name = User-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Media Center Events ] Error - 13.01.2013 01:45:23 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 06:45:23 - Fehler beim Herstellen der Internetverbindung. 06:45:23 - Serververbindung konnte nicht hergestellt werden.. Error - 13.01.2013 01:45:29 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 06:45:28 - Fehler beim Herstellen der Internetverbindung. 06:45:28 - Serververbindung konnte nicht hergestellt werden.. Error - 14.01.2013 06:17:12 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 11:17:12 - Fehler beim Herstellen der Internetverbindung. 11:17:12 - Serververbindung konnte nicht hergestellt werden.. 
Error - 14.01.2013 06:17:24 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 11:17:17 - Fehler beim Herstellen der Internetverbindung. 11:17:17 - Serververbindung konnte nicht hergestellt werden.. Error - 14.01.2013 07:17:29 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 12:17:29 - Fehler beim Herstellen der Internetverbindung. 12:17:29 - Serververbindung konnte nicht hergestellt werden.. Error - 14.01.2013 07:17:35 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 12:17:34 - Fehler beim Herstellen der Internetverbindung. 12:17:34 - Serververbindung konnte nicht hergestellt werden.. Error - 14.01.2013 08:17:39 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 13:17:39 - Fehler beim Herstellen der Internetverbindung. 13:17:39 - Serververbindung konnte nicht hergestellt werden.. Error - 14.01.2013 08:17:45 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 13:17:44 - Fehler beim Herstellen der Internetverbindung. 13:17:44 - Serververbindung konnte nicht hergestellt werden.. Error - 14.01.2013 09:17:49 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 14:17:49 - Fehler beim Herstellen der Internetverbindung. 14:17:49 - Serververbindung konnte nicht hergestellt werden.. Error - 14.01.2013 09:17:55 | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 14:17:54 - Fehler beim Herstellen der Internetverbindung. 14:17:54 - Serververbindung konnte nicht hergestellt werden.. < End of report > |
25.05.2013, 11:17 | #2 |
/// TB-Ausbilder | My name is Matthias and I will help you clean up your computer. Please note the following instructions:
I am working on your thread and will get back to you as soon as possible with further instructions. |
25.05.2013, 11:25 | #3 |
/// TB-Ausbilder | Hi,
there are all sorts of ways the malware could have got onto your computer; that can no longer be traced. You have already removed a few things from your computer. We will now take care of the rest together. In any case you are infected with Zbot, so first of all this warning: Reading material: Banking Trojans. If you do online banking on this computer, for example, you should at least have your bank change your password if you use an otherwise secure procedure such as "chip-TAN-comfort". Do you still have old paper TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 at www.sperr-notruf.de can be used for this day and night. Here's how to start:
Step 1 Fix with OTL
Code:
:OTL
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [Hoguq] C:\Users\User\AppData\Roaming\Ylwe\xoywm.exe File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [Yontoo Desktop] "C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found
[2013.05.23 00:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.05.03 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ylwe
[2013.05.03 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Lebyhe
[2013.05.03 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ipibd
:commands
[Emptytemp]
Step 2 Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Step 3 Please download AdwCleaner to your desktop.
Please post with your next reply
|
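An added example (Python, written for this page; it is neither part of the thread nor OTL's own logic): a small checker that parses the O2 (BHO) and O4 (Run key) lines from the fix script above and flags the two things the helper acted on: an autorun or BHO whose target no longer exists ("File not found"), and a Run entry that points at a short, random-looking .exe directly under AppData\Roaming, the drop pattern of the Zbot entry Ylwe\xoywm.exe. The regular expressions, the `Finding` class and the "random-looking" heuristic are this example's own assumptions about the line layout seen in the script, not a documented OTL format; the sample lines are copied from the fix script.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Sample input for this example: the O2 (BHO) and O4 (Run key) lines copied
# from the OTL fix script posted above in this thread.
OTL_LINES = [
    r"O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found",
    r"O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [Hoguq] C:\Users\User\AppData\Roaming\Ylwe\xoywm.exe File not found",
    r'O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [Yontoo Desktop] "C:\Users\User\AppData\Roaming\Yontoo\YontooDesktop.exe" File not found',
]

# Patterns for the two OTL line types used here. They are this example's own
# assumption about the layout seen above, not OTL's documented format.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*?)(?P<missing> File not found)?$")
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*?)(?P<missing> File not found)?$")

# Heuristic (this example's own): an .exe directly below %AppData%\Roaming\<letters>\
# whose file name is a short all-lowercase letter string, like Ylwe\xoywm.exe above.
RANDOM_DROP_RE = re.compile(r"\\AppData\\Roaming\\[A-Za-z]{3,8}\\[a-z]{3,8}\.exe$")


@dataclass
class Finding:
    kind: str                 # "autorun" (O4) or "bho" (O2)
    name: str                 # Run value name or BHO display name
    path: str                 # executable / DLL the entry points to
    reasons: List[str] = field(default_factory=list)


def clean_path(raw: str) -> str:
    """Strip surrounding whitespace and the quotes OTL keeps around some paths."""
    return raw.strip().strip('"')


def looks_like_random_roaming_drop(path: str) -> bool:
    return RANDOM_DROP_RE.search(path) is not None


def analyze(lines: List[str]) -> List[Finding]:
    """Parse O2/O4 lines and attach a reason for every indicator that fires."""
    findings: List[Finding] = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            path = clean_path(m.group("target"))
            f = Finding("autorun", m.group("name"), path)
            if m.group("missing"):
                f.reasons.append("orphaned autorun: target file not found")
            if looks_like_random_roaming_drop(path):
                f.reasons.append("random-looking executable under AppData\\Roaming")
            findings.append(f)
            continue
        m = O2_RE.match(line)
        if m:
            path = clean_path(m.group("path"))
            f = Finding("bho", m.group("name"), path)
            if m.group("missing"):
                f.reasons.append("orphaned BHO: DLL not found")
            findings.append(f)
    return findings


def flagged(lines: List[str]) -> List[Finding]:
    """Only the entries that tripped at least one indicator."""
    return [f for f in analyze(lines) if f.reasons]


if __name__ == "__main__":
    for f in flagged(OTL_LINES):
        print(f"[{f.kind}] {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run on the three lines, all of them are flagged: the Yontoo BHO and the "Yontoo Desktop" entry because their files are gone (an orphaned autorun is harmless by itself but still belongs in the fix so the reference does not point at a path a later dropper could reuse), and the Hoguq entry both for the missing file and for the Roaming\Ylwe\xoywm.exe naming pattern. A Run entry pointing at a normal Program Files path without "File not found" produces no reasons.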
26.05.2013, 19:01 | #4 |
| Hello, thanks so far. OTL rebooted. MBAR found nothing. AdwCleaner found Yontoo again :-( Here are the log files: Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2244628101-3715945705-3000758515-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Hoguq deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2244628101-3715945705-3000758515-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yontoo Desktop deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
C:\Users\User\AppData\Roaming\Ylwe folder moved successfully.
C:\Users\User\AppData\Roaming\Lebyhe folder moved successfully.
C:\Users\User\AppData\Roaming\Ipibd folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: User
->Temp folder emptied: 2373036126 bytes
->Temporary Internet Files folder emptied: 699783571 bytes
->Java cache emptied: 811427 bytes
->FireFox cache emptied: 396221518 bytes
->Google Chrome cache emptied: 475704982 bytes
->Flash cache emptied: 3330 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 100064 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 258174314 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 896330 bytes
RecycleBin emptied: 38528869 bytes
Total Files Cleaned = 4.047,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05252013_185345
Files\Folders moved on Reboot...
File move failed. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.05.25.06 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16580 User :: USER-PC [administrator] 25.05.2013 19:16:35 mbar-log-2013-05-25 (19-16-35).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 256413 Time elapsed: 1 hour(s), 44 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v2.301 - Datei am 26/05/2013 um 09:29:57 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 8 Pro with Media Center (64 bits) # Benutzer : User - USER-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Yontoo Desktop Updater ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16537 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://mail.google.com/mail/u/0/?shva=1#inbox --> hxxp://www.google.com -\\ Mozilla Firefox v21.0 (de) -\\ Google Chrome v27.0.1453.94 ************************* AdwCleaner[S1].txt - [2669 octets] - [26/05/2013 09:29:57] ########## EOF - C:\AdwCleaner[S1].txt - [2729 octets] ########## [/CODE] Bin ich wieder sauber? Gruß Peter |
27.05.2013, 07:09 | #5
/// TB-Ausbilder
Hi Peter, that already looks better. Please post a new OTL log file, then we will see how to proceed. Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread.
27.05.2013, 08:21 | #6
Hi, here is the log file (it did not create an extra file this time) after another OTL run (quick scan, run as admin, all users, LOP & Purity check):

OTL Logfile:
Code:
OTL logfile created on: 27.05.2013 09:14:34 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 57,64% Memory free
4,62 Gb Paging File | 2,40 Gb Available in Paging File | 51,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 142,73 Gb Free Space | 15,32% Space Free | Partition Type: NTFS
Drive F: | 633,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 931,51 Gb Total Space | 8,21 Gb Free Space | 0,88% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (BcmBtRSupport) -- C:\Windows\SysNative\BtwRSupportService.exe (Broadcom Corporation.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ClassicShellService) -- C:\Programme\Classic Shell\ClassicShellService.exe (IvoSoft)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\Drivers\avnetflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (BthA2DP) -- C:\Windows\SysNative\Drivers\BthA2DP.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\Drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (Tpkd) -- C:\WINDOWS\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\Drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\Drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\Drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\Drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\Drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\Drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\Drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\Drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\Drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\Drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\Drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\Drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\Drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\Drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\Drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\Drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (InputFilter_Hid_FlexDef2b) -- C:\Windows\SysNative\Drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\Drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\Drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\Drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\Drivers\rixdpx64.sys (REDC)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 E7 59 61 60 B5 CD 01 [binary data]
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7BA4732521-77D9-447E-A557-B279AC923F06%7D:0.6.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.03.16 14:11:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 19:10:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.05.08 08:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.05.24 19:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\thkeju61.default\extensions
[2013.05.08 08:42:41 | 000,095,463 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\thkeju61.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}.xpi
[2013.05.21 08:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.21 08:15:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.16 14:11:44 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://mail.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Mindjet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpkinhfhnglbhoeoeooekalejbhbhgl\0.1.6_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Image-Toolbar (beta) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb\0.1.0.0_0\
CHR - Extension: RealDownloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe File not found
O4 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-2244628101-3715945705-3000758515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FDC90D5-7A27-4E67-A8A4-0612F293D679}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F6F2209-A54C-4E91-9B12-15BA81081B51}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.01.27 18:09:29 | 000,000,056 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.25 19:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.05.25 19:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.25 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar-1.06.0.1003 [2013.05.25 18:53:45 | 000,000,000 | ---D | C] -- C:\_OTL [2013.05.24 21:50:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira [2013.05.24 21:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.24 21:43:46 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys [2013.05.24 21:43:46 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys [2013.05.24 21:43:46 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys [2013.05.24 21:43:46 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys [2013.05.24 21:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.24 21:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.05.24 19:27:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.05.22 19:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.22 19:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.05.21 08:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.12 19:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012 [2013.05.12 19:06:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\bastel fräse [2013.05.12 17:13:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Amazon Downloader Logs [2013.05.12 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\3Dconnexion_Inc [2013.05.12 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA [2013.05.12 16:34:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\3Dconnexion [2013.05.12 16:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion [2013.05.12 16:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion [2013.05.12 16:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion [2013.05.11 12:36:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\SimCity [2013.05.07 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Buhl Data Service [2013.05.07 21:01:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Buhl Data Service [2013.05.07 15:51:49 | 000,000,000 | ---D | C] -- 
C:\Users\User\.smplayer [2013.05.07 08:49:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Ubisoft Game Launcher [2013.05.07 08:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013.05.07 08:16:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Buhl [2013.05.07 08:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WISO [2013.05.07 08:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2013.05.06 23:34:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.05.06 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Origin [2013.05.06 22:43:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Origin [2013.05.06 22:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.05.06 22:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013.05.06 22:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.05.06 22:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.05.06 00:00:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Downloads [2013.05.03 15:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.05.02 14:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell [2013.05.02 14:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell ========== Files - Modified Within 30 Days ========== [2013.05.27 09:07:08 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.05.27 09:00:06 | 000,000,107 | ---- | M] () -- C:\Users\User\Desktop\Forstnerbohrer - was mache ich falsch- - Haus & Garten Forum - Chefkoch.de.url [2013.05.27 08:50:19 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.26 23:42:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.05.26 19:07:00 | 000,001,118 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.05.26 09:32:05 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.26 09:31:53 | 3377,258,496 | -HS- | M] () -- C:\hiberfil.sys [2013.05.25 18:28:49 | 000,632,031 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.05.25 17:21:52 | 000,009,728 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.25 01:03:51 | 000,007,670 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2013.05.24 21:39:52 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys [2013.05.24 21:39:52 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys [2013.05.24 21:39:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys [2013.05.24 21:39:52 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys [2013.05.24 19:27:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.05.22 08:35:47 | 000,342,592 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.05.12 20:44:16 | 000,000,862 | ---- | M] () -- C:\WINDOWS\wiso.ini [2013.05.07 22:47:21 | 001,681,014 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2013.05.07 22:47:21 | 000,728,328 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2013.05.07 22:47:21 | 000,689,200 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2013.05.07 22:47:21 | 000,146,020 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2013.05.07 22:47:21 | 000,125,560 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2013.05.06 23:34:03 | 000,189,248 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0 ========== Files Created - No Company Name ========== [2013.05.27 09:00:06 | 000,000,107 | ---- | C] () -- C:\Users\User\Desktop\Forstnerbohrer - was mache ich falsch- - Haus & Garten Forum - Chefkoch.de.url [2013.05.25 18:28:48 | 
000,632,031 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.05.22 08:35:36 | 000,342,592 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.05.21 08:15:55 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.19 17:24:16 | 000,387,688 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml [2013.05.07 08:16:45 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wiso.ini [2013.05.06 23:34:03 | 000,189,248 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0 [2013.03.16 11:10:57 | 000,015,873 | ---- | C] () -- C:\WINDOWS\SysWow64\Inetde.dll [2013.01.08 15:23:58 | 000,045,568 | ---- | C] () -- C:\WINDOWS\SysWow64\spwini.dll [2012.12.16 19:45:34 | 000,009,728 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.19 00:49:56 | 000,007,670 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2012.11.17 08:23:24 | 000,021,656 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\iLokDrvr.sys [2012.10.30 04:19:12 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2012.08.02 23:50:53 | 000,004,539 | ---- | C] () -- C:\Users\User\.recently-used.xbel [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2012.05.06 09:34:08 | 000,000,243 | ---- | C] () -- C:\Users\User\.swfinfo [2012.01.06 03:52:25 | 000,005,072 | ---- | C] () -- C:\Users\User\.TransferManager.db [2011.02.02 00:34:50 | 000,001,778 | ---- | C] () -- 
C:\Users\User\gdbtk.ini ========== ZeroAccess Check ========== [2013.01.28 23:11:59 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.12 16:34:36 | 000,000,000 | ---D | M] -- 
C:\Users\User\AppData\Roaming\3Dconnexion [2013.02.21 02:22:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Arduino [2013.03.16 11:10:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BOM [2013.05.07 21:02:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Buhl Data Service [2013.02.04 16:57:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CachedFiles [2012.12.26 21:02:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre [2013.02.19 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2013.04.21 20:06:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CopyTrans [2013.01.07 11:50:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox [2013.02.21 05:21:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fritzing [2013.05.12 19:32:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView [2012.12.26 21:35:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JAM Software [2012.12.27 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mobipocket [2012.11.11 15:02:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2013.05.06 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin [2012.12.26 21:23:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer [2013.04.21 20:01:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report > [/CODE] Gruß Peter |
27.05.2013, 11:10 | #7 |
/// TB-Ausbilder | Hi,

Step 1
ESET Online Scanner

Step 2
Please download SecurityCheck and:

Please post with your next reply
|
29.05.2013, 17:57 | #8 |
| Hello, here they are:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bd7a62355a41a142bbcaf20b3ac9f0d3
# engine=13941
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-28 09:37:12
# local_time=2013-05-28 11:37:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776573 100 94 352779 10366132 0 0
# scanned=163
# found=0
# cleaned=0
# scan_time=257
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bd7a62355a41a142bbcaf20b3ac9f0d3
# engine=13941
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-29 12:48:24
# local_time=2013-05-29 02:48:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776573 100 94 54345 10420803 0 0
# scanned=964281
# found=3
# cleaned=2
# scan_time=42444
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\User\AppData\Local\Temp\AskSLib.dll"
sh=D3AA4906D44844D74D07BB488CCC938E70720C23 ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.A application (deleted - quarantined)" ac=C fn="C:\Digest WR703N setup VIRUS\01 Flashing OpenWRT, text editors vi, nano\tftpd32.400.zip"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Dokumente und Einstellungen\User\AppData\Local\Temp\AskSLib.dll"
Code:
Results of screen317's Security Check version 0.99.63
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.93
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Peter |
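As an added example (not part of the thread and not one of the tools used in it), here is a small Python parser for the ESET Online Scanner log format shown above: it splits the log into runs, cross-checks each run's found/cleaned counters against the detection lines actually listed, and reports the items the scan did not remove, which is how the AskSLib.dll still sitting in Temp (the target of the OTL fix in the next post) stands out. The sample log is a constructed excerpt of the posted one, and the convention that the removal outcome is appended to the threat name in parentheses is an assumption drawn from that log.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the two-run ESET Online Scanner log posted above: header lines
# are "# key=value", detection lines are "sh=... ft=... fh=... vn="..." ac=... fn="..."".
SAMPLE_ESET_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# end=stopped
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# found=3
# cleaned=2
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\User\AppData\Local\Temp\AskSLib.dll"
sh=D3AA4906D44844D74D07BB488CCC938E70720C23 ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.A application (deleted - quarantined)" ac=C fn="C:\Digest WR703N setup VIRUS\01 Flashing OpenWRT, text editors vi, nano\tftpd32.400.zip"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Dokumente und Einstellungen\User\AppData\Local\Temp\AskSLib.dll"
"""

# key=value pairs: values are double-quoted (may contain spaces) or bare tokens.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Assumption from the posted log: the outcome is a trailing parenthetical on the threat name.
OUTCOME_RE = re.compile(r"\s*\(([^()]*(?:deleted|cleaned|quarantined)[^()]*)\)\s*$")


@dataclass
class Detection:
    sha1: str
    threat: str
    action: str   # raw "ac" code as printed by the scanner (not interpreted here)
    path: str
    outcome: str  # "" when the scanner reported no removal for this item

    @property
    def cleaned(self) -> bool:
        return bool(self.outcome)


def parse_eset_log(text):
    """Split the log into runs; each run is (header dict, list of Detection)."""
    runs, header, detections = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ESETSmartInstaller@") or header is None:
            header, detections = {}, []
            runs.append((header, detections))
            if line.startswith("ESETSmartInstaller@"):
                continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                      for m in FIELD_RE.finditer(line)}
            threat = fields.get("vn", "")
            m = OUTCOME_RE.search(threat)
            outcome = m.group(1) if m else ""
            detections.append(Detection(
                sha1=fields.get("sh", ""), threat=threat[:m.start()] if m else threat,
                action=fields.get("ac", ""), path=fields.get("fn", ""), outcome=outcome))
    return runs


def remaining_items(detections):
    """Detections the scanner listed but did not remove; a follow-up fix must handle these."""
    return [d for d in detections if not d.cleaned]


def counters_match(header, detections):
    """Cross-check the summary counters against the detection lines actually listed."""
    try:
        found, cleaned = int(header["found"]), int(header["cleaned"])
    except (KeyError, ValueError):
        return False
    return found == len(detections) and cleaned == sum(d.cleaned for d in detections)


if __name__ == "__main__":
    for header, detections in parse_eset_log(SAMPLE_ESET_LOG):
        print(header.get("end"), counters_match(header, detections),
              [d.path for d in remaining_items(detections)])
```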
29.05.2013, 20:35 | #9 |
/// TB-Ausbilder | Hi, if you have no more problems, then we are done here. Your log files are clean. Finally we need to take a few closing steps to tidy up and secure your PC.

Step 1
Fix with OTL
Code:
:files
C:\Users\User\AppData\Local\Temp\AskSLib.dll
:Commands
[reboot]

Step 2
The order is crucial here.

Step 3
Finally, I have a few tips for securing your system. I can't stress often enough how important it is that your system is up to date.

Anti-virus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they don't use ActiveX elements. These can be abused by spyware to infect your system.

Performance
Clean out your temp files regularly. For this I recommend TFC. Stay away from registry cleaners. They do your system more harm than good. Here is an English link: Miekemoes Blogspot (MVP)
What you should avoid:

Now all that remains is to wish you lots of fun surfing safely... ... and maybe you would like to support the Trojaner-Board?

Note: Please give me a short reply when everything is done and no questions remain, so that I can delete this topic from my subscriptions. |
30.05.2013, 10:19 | #10 |
| Hi, many thanks, that settles it, a donation is on its way :-) I had already emptied the Temp directory:
Code:
========== FILES ==========
File\Folder C:\Users\User\AppData\Local\Temp\AskSLib.dll not found.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 05302013_015737
Code:
# DelFix v10.2 - Datei am 30/05/2013 um 11:09:46 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Benutzer : User - USER-PC
# Betriebssystem : Windows 8 Pro with Media Center (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\_OTL
Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #43 [Windows Update | 05/19/2013 15:29:20]
Gelöscht : RP #44 [Entfernt Tom Clancy's H.A.W.X. 2 | 05/21/2013 06:06:07]
Gelöscht : RP #45 [Removed Eraser 6.0.10.2620 | 05/24/2013 18:03:43]
Gelöscht : RP #46 [Installed iTunes | 05/28/2013 21:43:02]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
Peter |
30.05.2013, 10:28 | #11 |
/// TB-Ausbilder | I'm glad we could help. In this forum you can leave a short bit of feedback on the cleanup if you like: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a little feedback. Many thanks! This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. |