Pests of all kinds and how to combat them: Another wssetup.exe victim (Windows 7) |
11.06.2013, 09:51 | #1 |
| Another wssetup.exe victim Hello everyone, this topic has been solved here quite often recently, but always a little differently, so I am opening a new thread. I also have the problem that after system startup "wssetup.exe" asks for permission to make changes. Could you please send me instructions as well? I use avast free antivirus on a Windows 7 64-bit system. Many thanks |
11.06.2013, 09:52 | #2 |
/// Helper Team | Another wssetup.exe victim Please shut down your protection software to avoid possible conflicts.
Then: System scan with OTL (illustrated guide). Please download OTL by Oldtimer and save it to your desktop (if not already present).
- Double-click OTL.exe
__________________ |
11.06.2013, 10:02 | #3 |
| Another wssetup.exe victim
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Fix on 11.06.2013 at 10:56:56,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
Failed to stop: [Service] ibupdaterservice

~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sweetim
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sweetpacks communicator

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sim-packages
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.ietoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetie.ietoolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.sweetie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.sweetie.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\app paths\sweetim.exe

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\Users\Fix\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"

~~~ Chrome
Successfully deleted: [Folder] C:\Users\Fix\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2013 at 11:00:36,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Logfile:
Code:
OTL logfile created on: 11.06.2013 11:03:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fix\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,01% Memory free
8,00 Gb Paging File | 6,25 Gb Available in Paging File | 78,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 121,01 Gb Total Space | 66,61 Gb Free Space | 55,05% Space Free | Partition Type: NTFS
Drive D: | 50,03 Gb Total Space | 30,39 Gb Free Space | 60,74% Space Free | Partition Type: NTFS
Drive E: | 126,95 Gb Total Space | 80,82 Gb Free Space | 63,66% Space Free | Partition Type: NTFS
Computer Name: FIX-PC | User Name: Fix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.11 11:03:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fix\Desktop\OTL.exe PRC - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- D:\Programme\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- D:\Programme\Avast\AvastSvc.exe PRC - [2011.10.25 20:39:40 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe PRC - [2009.08.20 22:16:54 | 005,782,528 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ========== Modules (No Company Name) ========== MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Users\Fix\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll MOD - [2013.05.29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Users\Fix\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Users\Fix\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Users\Fix\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Users\Fix\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Users\Fix\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll MOD - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe MOD - [2013.05.27 10:56:42 | 000,382,976 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2009.03.25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll MOD - [2006.01.10 10:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService) SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD 
External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.15 20:52:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programme\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.11.10 19:37:02 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files 
(x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013.01.25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5) DRV:64bit: - [2013.01.25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4) DRV:64bit: - [2013.01.25 18:44:28 | 000,031,080 | ---- | M] 
(Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3) DRV:64bit: - [2013.01.25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2) DRV:64bit: - [2013.01.25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.04.12 17:43:27 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.04.12 17:43:27 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2012.04.12 17:43:18 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.04.12 17:43:13 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.05.13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.05.13 
04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.05.13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 04:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm) DRV:64bit: - [2010.04.27 04:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus) DRV:64bit: - [2010.04.27 04:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl) DRV:64bit: - [2009.07.28 09:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.06 08:56:30 | 000,030,528 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\brpar64a.sys -- (BrPar) DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1673546818-2970949312-2048287020-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
IE - HKU\S-1-5-21-1673546818-2970949312-2048287020-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1673546818-2970949312-2048287020-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 98 68 03 52 9E CD 01 [binary data] IE - HKU\S-1-5-21-1673546818-2970949312-2048287020-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1673546818-2970949312-2048287020-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1673546818-2970949312-2048287020-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fix\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fix\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fix\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Fix\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fix\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Programme\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Programme\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Programme\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Programme\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Programme\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Programme\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Programme\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program 
Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\Fix\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Google Docs = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Ancient Dark = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkfcefhebalbhjgphdocdieolkkgffo\1.1_0\ CHR - Extension: avast! 
Online Security = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\ CHR - Extension: Google Mail = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Docs = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Ancient Dark = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkfcefhebalbhjgphdocdieolkkgffo\1.1_0\ CHR - Extension: avast! Online Security = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\ CHR - Extension: Google Mail = C:\Users\Fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! 
Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programme\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] D:\Programme\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1673546818-2970949312-2048287020-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft 
Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E606DA0A-4B7C-45FF-A099-63B91D76DA38}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.11 11:03:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fix\Desktop\OTL.exe [2013.06.11 10:56:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.11 10:56:20 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.11 10:56:08 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Fix\Desktop\JRT.exe [2013.06.07 11:25:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.06.07 11:25:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [2013.06.07 11:25:37 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) 
-- C:\Windows\SysNative\ImHttpComm.dll [2013.06.07 11:25:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2013.06.06 10:49:06 | 000,000,000 | ---D | C] -- C:\Users\Fix\Desktop\Michael Jackson - Thriller 320 kbit_h5j5j5l4m3 [2013.05.16 23:34:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.16 23:34:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.16 23:34:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.16 23:34:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.16 23:34:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.16 23:34:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.16 23:34:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.16 23:34:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.16 23:34:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.16 23:34:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.16 23:34:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.16 23:34:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.16 23:34:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.16 23:34:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.16 23:34:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.16 21:42:39 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.16 21:42:39 | 000,144,384 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.16 21:42:22 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.16 21:42:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.16 21:42:20 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.16 21:42:20 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.16 21:42:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.13 09:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2 C:\Users\Fix\Desktop\*.tmp files -> C:\Users\Fix\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.11 11:03:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fix\Desktop\OTL.exe [2013.06.11 10:56:15 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Fix\Desktop\JRT.exe [2013.06.11 10:52:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.11 10:44:52 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.11 10:39:18 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 10:39:18 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 10:33:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.11 10:32:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.11 10:32:11 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2013.06.10 23:16:02 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1673546818-2970949312-2048287020-1001Core.job [2013.06.10 23:15:57 | 000,001,112 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1673546818-2970949312-2048287020-1001UA.job [2013.06.06 10:49:04 | 100,117,881 | ---- | M] () -- C:\Users\Fix\Desktop\Michael Jackson - Thriller 320 kbit_h5j5j5l4m3.rar [2013.06.03 18:25:10 | 014,408,971 | ---- | M] () -- C:\Users\Fix\Desktop\Mashup-Germany - Sweet monster of mine (Extended Edit).mp3 [2013.06.03 18:25:10 | 011,163,491 | ---- | M] () -- C:\Users\Fix\Desktop\Mashup-Germany - Can't hold Superfreakz.mp3 [2013.06.03 18:25:10 | 008,774,356 | ---- | M] () -- C:\Users\Fix\Desktop\Mashup-Germany - This is love.mp3 [2013.06.03 18:25:10 | 008,677,910 | ---- | M] () -- C:\Users\Fix\Desktop\Mashup-Germany - I could be Zebra's Astronomia (Radio Edit).mp3 [2013.06.03 18:25:10 | 007,730,448 | ---- | M] () -- C:\Users\Fix\Desktop\Mashup-Germany - Somewhere ohne Kompass.mp3 [2013.06.03 18:25:10 | 005,060,485 | ---- | M] () -- C:\Users\Fix\Desktop\David Guetta ft Akon - change comes.mp3 [2013.06.03 17:46:50 | 000,253,896 | ---- | M] () -- C:\Users\Fix\Desktop\09_pat bildungsstaat SoSe 2013.pdf [2013.06.03 17:46:42 | 000,190,481 | ---- | M] () -- C:\Users\Fix\Desktop\08_pat sozialstaat SoSe 2013.pdf [2013.06.03 17:46:36 | 000,589,929 | ---- | M] () -- C:\Users\Fix\Desktop\07_pat medien SoSe 2013.pdf [2013.06.03 17:46:25 | 000,455,190 | ---- | M] () -- C:\Users\Fix\Desktop\06_pat ideologien SoSe 2013.pdf [2013.06.03 17:46:15 | 000,646,232 | ---- | M] () -- C:\Users\Fix\Desktop\05_pat Parteiensystem SoSe 2013.pdf [2013.06.03 17:43:26 | 005,962,151 | ---- | M] () -- C:\Users\Fix\Desktop\Test1_SS2010-Juni_.pdf [2013.06.03 17:36:00 | 000,001,009 | ---- | M] () -- C:\Users\Fix\Desktop\Dropbox.lnk [2013.06.02 19:56:14 | 000,030,807 | ---- | M] () -- C:\Users\Fix\Desktop\trendyone_pic.jpg [2013.05.30 13:24:51 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.05.30 13:24:51 | 000,000,054 | ---- | M] () -- C:\Windows\SysWow64\bd2040.dat [2013.05.30 13:14:04 | 000,011,012 | ---- | M] () -- 
C:\Users\Fix\Desktop\Leistungsnachweis_30052013_1313.pdf.pdf [2013.05.27 10:14:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.05.27 09:44:10 | 000,417,991 | ---- | M] () -- C:\Users\Fix\Desktop\Erstes Vortreffen Sommerzeltlager Zusammenfassung.pdf [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.05.19 23:39:44 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.19 23:39:44 | 000,700,380 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.19 23:39:44 | 000,655,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.19 23:39:44 | 000,149,176 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.19 23:39:44 | 000,121,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.18 00:31:52 | 000,019,584 | ---- | M] () -- C:\Users\Fix\Desktop\Prüfungsbescheid_177_21435_Bachelorpruefung_20130517114333.pdf [2013.05.17 09:50:44 | 093,996,968 | ---- | M] () -- C:\Users\Fix\Desktop\Tomorrowland 2013 - Official WarmUp Festival Mix.mp3 [2013.05.17 09:50:23 | 000,017,406 | -H-- | M] () -- C:\Users\Fix\Desktop\Folder.jpg [2013.05.17 09:18:10 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 20:52:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 20:52:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.15 20:43:37 | 000,534,023 | ---- | M] () -- C:\Users\Fix\Desktop\Eintrittskarten-Team-Felix.pdf [2 C:\Users\Fix\Desktop\*.tmp files -> C:\Users\Fix\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.07 11:25:37 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013.06.06 10:14:42 | 100,117,881 | ---- | C] () -- C:\Users\Fix\Desktop\Michael Jackson - Thriller 320 
kbit_h5j5j5l4m3.rar [2013.06.03 17:46:50 | 000,253,896 | ---- | C] () -- C:\Users\Fix\Desktop\09_pat bildungsstaat SoSe 2013.pdf [2013.06.03 17:46:42 | 000,190,481 | ---- | C] () -- C:\Users\Fix\Desktop\08_pat sozialstaat SoSe 2013.pdf [2013.06.03 17:46:33 | 000,589,929 | ---- | C] () -- C:\Users\Fix\Desktop\07_pat medien SoSe 2013.pdf [2013.06.03 17:46:23 | 000,455,190 | ---- | C] () -- C:\Users\Fix\Desktop\06_pat ideologien SoSe 2013.pdf [2013.06.03 17:46:13 | 000,646,232 | ---- | C] () -- C:\Users\Fix\Desktop\05_pat Parteiensystem SoSe 2013.pdf [2013.06.03 17:43:20 | 005,962,151 | ---- | C] () -- C:\Users\Fix\Desktop\Test1_SS2010-Juni_.pdf [2013.06.02 19:56:13 | 000,030,807 | ---- | C] () -- C:\Users\Fix\Desktop\trendyone_pic.jpg [2013.05.30 13:14:03 | 000,011,012 | ---- | C] () -- C:\Users\Fix\Desktop\Leistungsnachweis_30052013_1313.pdf.pdf [2013.05.27 09:44:08 | 000,417,991 | ---- | C] () -- C:\Users\Fix\Desktop\Erstes Vortreffen Sommerzeltlager Zusammenfassung.pdf [2013.05.18 00:31:51 | 000,019,584 | ---- | C] () -- C:\Users\Fix\Desktop\Prüfungsbescheid_177_21435_Bachelorpruefung_20130517114333.pdf [2013.05.17 09:53:30 | 000,017,406 | -H-- | C] () -- C:\Users\Fix\Desktop\Folder.jpg [2013.05.15 20:43:35 | 000,534,023 | ---- | C] () -- C:\Users\Fix\Desktop\Eintrittskarten-Team-Felix.pdf [2013.05.13 19:22:35 | 014,408,971 | ---- | C] () -- C:\Users\Fix\Desktop\Mashup-Germany - Sweet monster of mine (Extended Edit).mp3 [2013.05.13 19:22:26 | 008,774,356 | ---- | C] () -- C:\Users\Fix\Desktop\Mashup-Germany - This is love.mp3 [2013.05.13 19:22:18 | 011,163,491 | ---- | C] () -- C:\Users\Fix\Desktop\Mashup-Germany - Can't hold Superfreakz.mp3 [2013.05.13 19:19:52 | 007,730,448 | ---- | C] () -- C:\Users\Fix\Desktop\Mashup-Germany - Somewhere ohne Kompass.mp3 [2013.05.13 19:17:48 | 008,677,910 | ---- | C] () -- C:\Users\Fix\Desktop\Mashup-Germany - I could be Zebra's Astronomia (Radio Edit).mp3 [2013.05.13 18:54:02 | 005,060,485 | ---- | C] () -- 
C:\Users\Fix\Desktop\David Guetta ft Akon - change comes.mp3 [2013.05.13 09:29:03 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.13 09:29:02 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.07 20:53:45 | 000,003,360 | ---- | C] () -- C:\Users\Fix\AppData\Local\recently-used.xbel [2013.03.24 13:01:08 | 000,007,605 | ---- | C] () -- C:\Users\Fix\AppData\Local\Resmon.ResmonCfg [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.13 12:12:52 | 001,599,058 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.12 17:34:59 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2012.04.12 17:34:58 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2012.04.12 17:34:57 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2040.INI [2012.04.12 17:34:57 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2012.04.12 17:34:54 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.04.12 17:29:23 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2040.dat [2012.04.12 17:28:26 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini [2012.04.12 16:18:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.12 16:01:30 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.04.12 15:55:56 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.04.12 15:55:56 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.04.12 15:55:50 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.04.12 15:55:50 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.04.12 15:51:14 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.04.12 15:51:09 | 000,021,060 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 06:31:26 | 000,157,144 | 
---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.27 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Fix\AppData\Roaming\Audacity [2013.06.10 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\Fix\AppData\Roaming\Dropbox [2012.12.24 13:26:28 | 000,000,000 | ---D | M] -- C:\Users\Fix\AppData\Roaming\JDownloaderPackages [2012.07.18 16:53:31 | 000,000,000 | ---D | M] -- C:\Users\Fix\AppData\Roaming\Samsung ========== Purity Check ========== < End of report >
OTL EXTRAS Logfile:
OTL Extras logfile created on: 11.06.2013 11:03:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fix\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16443) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,01% Memory free 8,00 Gb Paging File | 6,25 Gb Available in Paging File | 78,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 121,01 Gb Total Space | 66,61 Gb Free Space | 55,05% Space Free | Partition Type: NTFS Drive D: | 50,03 Gb Total Space | 30,39 Gb Free Space | 60,74% Space Free | Partition Type: NTFS Drive E: | 126,95 Gb Total Space | 80,82 Gb Free Space | 63,66% Space Free | Partition Type: NTFS Computer Name: FIX-PC | User Name: Fix | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C6F0652-C449-4131-933B-FA306F7C54C6}" = rport=138 | 
protocol=17 | dir=out | app=system | "{11EDB7F9-D20A-43B5-8588-C15B08CDF24E}" = lport=139 | protocol=6 | dir=in | app=system | "{169D2D71-1ADA-423A-A9EC-6B73BAE156DE}" = lport=2869 | protocol=6 | dir=in | app=system | "{2206BB6A-DBD3-4D55-BACD-9141F41E1695}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{31115B81-7581-4067-8825-425FF7F83022}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{33527983-EA28-455A-B6A2-DA623C17FA6B}" = rport=445 | protocol=6 | dir=out | app=system | "{38550FAE-A3DF-467C-A4CC-3D54B844571E}" = lport=2869 | protocol=6 | dir=in | app=system | "{3A08CC21-D281-4AC6-B72C-E90E0E10AB47}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{43C1996D-22D9-4B1E-AAAA-FDD7E39D459D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4A1D99A9-0C4F-4024-A4C8-9E994828EFB6}" = rport=10243 | protocol=6 | dir=out | app=system | "{4A271A6D-13C7-4D5D-BE52-F2FF2A57235F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{77388112-2892-4F6A-AE59-0E4D1A9F98E6}" = lport=10243 | protocol=6 | dir=in | app=system | "{817EC24B-585D-44BA-A578-8B29B3246735}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8403382B-C75D-4E3C-BB93-5D6A2F83C4B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{856DC42E-D135-46EA-933B-56541ADDC384}" = lport=137 | protocol=17 | dir=in | app=system | "{86D521D1-0A0E-4B8D-99B7-AEF4EEB1708E}" = rport=139 | protocol=6 | dir=out | app=system | "{8B6C58E5-DA74-4A56-99A3-EDCA1362418C}" = lport=138 | protocol=17 | dir=in | app=system | "{917C242A-A131-4E72-9DFE-5E04BA452F74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9A6EF972-6E9E-4841-931D-8FB35A87ED02}" = lport=445 | protocol=6 | dir=in | 
app=system | "{9E1F7E7B-794D-41A2-8C12-0740994BF114}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A3677143-5440-4648-A5B9-029F486574D2}" = rport=137 | protocol=17 | dir=out | app=system | "{A40EC7A6-F9C2-4D55-9E80-6CE04DE62069}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A522FAC1-FAF1-440A-9AAC-81E014720F01}" = lport=2869 | protocol=6 | dir=in | app=system | "{AF9B802C-60F8-4BFB-8E4C-F899F7382FE8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B6A4F051-33F4-4691-9872-D3F82B7093E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9398DC7-EC68-491E-A511-C4057886F036}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe | "{E1E8FC59-2B57-4AD5-BF27-F2463C2CAF0E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{EA88B054-E0A4-48E8-BBFA-0D055B9C6392}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06174B47-ED96-49AE-B31B-0C680E6F10D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{068BEC6C-C913-47AE-B905-EA4E8C68C55F}" = protocol=6 | dir=out | app=system | "{0694D773-8DFC-4995-9A30-50FEC6767D11}" = protocol=6 | dir=in | app=d:\programme\samsung\npsvsvr.exe | "{0A6744B7-977F-4C01-9B14-EE7D0DED14CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{0C17103F-6858-4E5C-8B68-EB01CC43D524}" = protocol=6 | dir=out | app=system | "{0E85FFC3-2E2A-435E-8D89-B5B70FCCFD81}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{0F3C6D8E-23C9-4E5D-AE47-D7FA9E8D12A2}" = protocol=6 | 
dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{13870B93-0624-4255-99AF-06D8E9A7A400}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{1B1C0A4F-D336-4D7A-87A4-81FC5BD1286B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{1D460E64-903C-4C93-8AAC-5CB13424EB50}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{1DEC9124-3139-42D3-A55F-1FE806516FDC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | "{1FA47774-433D-4282-A147-39AD0426AD05}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{25ABD26A-63CF-4171-9734-02C391B0052E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{26ADA8B8-EADB-45A9-825C-F09C4034E881}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{290C4ACC-5126-4B37-A3EC-1332CC9BB668}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{303A168B-7253-4C5E-861C-39CD398C8937}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{315AD42A-DB1C-499C-9FDD-BEBC73AC4AE2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{33544D48-060E-4368-A6B3-EE4EF103851E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{339EE4E2-C201-4BDD-90FE-A26C3E8428DC}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{38D299B0-4598-4FEE-AB5F-8E766E0B1314}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3B8929A5-8722-479B-BE8A-A8B4E2397441}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{3E9C87F6-939C-438D-A58C-F4260125F845}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{49A93122-6F8A-46B8-9587-3C5622AD62EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{514033DB-3CB8-4BF5-924D-341F82235B69}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{558551E5-45BD-417A-8816-CE45C29D91EA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{5831C97D-4153-4FB6-A2A9-DB9D584AA528}" = protocol=6 | dir=in | app=d:\programme\diablo 3 beta\diablo iii beta\diablo iii.exe | "{5DE7D424-6E26-426E-82CB-AD640B143215}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{60111BEC-7BE2-4DF3-B657-259A42AC1714}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{605004C2-8D33-45EA-9730-39CD6311F23F}" = dir=in | app=c:\users\fix\appdata\local\microsoft\skydrive\skydrive.exe | "{65457A81-5855-4CA8-80ED-CAC52F08ABEF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{67474DB9-E240-456F-983D-6DDAB18CEE74}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{67870F09-08B3-4931-970E-066E1E33FF75}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6AE8C979-882B-42CC-B36B-4E6E9076F835}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{6BF28FFB-F46F-474F-9AE9-C543E82E04AC}" = protocol=6 | dir=in | app=d:\programme\diablo iii\diablo iii.exe | "{6D89FF40-8A0A-4D1A-8DDF-5BC8015A4E36}" = protocol=17 | dir=in | app=d:\programme\diablo iii\diablo iii.exe | "{6E89DBF5-DB6B-456C-B344-E625432EB749}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6F6E8063-E3BD-4884-BF1B-368A93CCE1FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F7980C6-71B1-4EB3-AF5D-192771E708B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{70B00A7A-8510-48B8-B80B-82E2C838993A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{769CBB9D-504B-4040-A8DB-F0EE336DD2F7}" = protocol=6 | dir=in | 
< End of report > |
11.06.2013, 10:44 | #4 |
/// Helper Team | Another wssetup.exe victim Looks good; does the problem still exist? Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. |
11.06.2013, 10:51 | #5 |
| Another wssetup.exe victim The problem seems to be solved. I am now carrying out the next step. Edit: no malware could be found; after a restart the problem is apparently solved. Many thanks! Last edited by FixEberle (11.06.2013 at 11:07) |
11.06.2013, 11:07 | #6 |
/// Helper Team | Another wssetup.exe victim Good! Please download SecurityCheck and:
__________________ |
11.06.2013, 11:08 | #7 |
| Another wssetup.exe victim
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
Malwarebytes : Free Anti-Malware download
Database version: v2013.06.11.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fix :: FIX-PC [administrator]
11.06.2013 11:53:21
mbar-log-2013-06-11 (11-53-21).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 227384
Time elapsed: 11 minute(s), 54 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
Physical Sectors Detected: 0 (No malicious items detected)
(end)
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 17
Java version out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Avast AvastSvc.exe
Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Does that mean I should update Java and Adobe Reader? |
11.06.2013, 11:24 | #8 |
/// Helper Team | Another wssetup.exe victim Update:
Update Java: Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Afterwards, post (copy and paste) what is shown to you here: PluginCheck
Disable Java: Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html Afterwards, post (copy and paste) what is shown to you here: PluginCheck |
11.06.2013, 11:55 | #9 |
| Another wssetup.exe victim I can't find a tab with update!? Is that because I'm using the 64-bit version? Edit: the Java plugin has been successfully disabled |
11.06.2013, 15:20 | #10 |
/// Helper Team | Another wssetup.exe victim Very good! With that you are clean and discharged! Remove adwCleaner
Tool cleanup: The order is crucial here.
Resetting the security zones: Have the security zones reset, since they were manipulated to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html
Emptying the system restore points: So that the computer cannot be reinfected from an infected system restore point, we have to empty them. To do this, we switch System Restore off once and then on again: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again.
Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do? |
15.09.2013, 11:33 | #11 |
/// Helper Team | Another wssetup.exe victim Missing feedback: Are there problems working through the instructions above? To free up capacity for others seeking help, I am deleting this topic from my notifications. Should you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |